23542300x8000000000000000168387Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:02.888{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=216CE959930A0508378FBAF5106B7938,SHA256=91AEF0D331A9BF20EC20DC36936F4B4E0D485ABEEEBC007EB45FD63C56CACCC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168388Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:03.904{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=928CA0BF9806A75CB677A95256493A5A,SHA256=0EE6AC2C735051B44B0070234B3CAAF1B7FA932DEBEB9B68942B454814AA9FE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168389Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:04.920{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C98662317D7B621FB5D22AC42A74E5D,SHA256=7913F74704CDA03FE07EA05D7EBD9450404B702D748C4F42086B69396B0A8965,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168391Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:05.935{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11122C8D54D2E2886D9CDD4481E7BA4E,SHA256=51413FFE5A563915B87F86D1F7009E12135EB0FD6306F98040A1FCA624326CE7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168390Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:03.083{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50699-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168392Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:06.966{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D26B8021C04C149F6979D16DE9C121F0,SHA256=D9ED65CC0A8D570871C3C144D2B5C095A5C6090ACE2C54D22056CEF673482F6B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168393Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:08.185{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B822EA0FD7B75F106043F137992A6D95,SHA256=9B476838F5F3FB9D204A3F6E22EDE281EE6350B26533C79F5A7E4528919CD7C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168394Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:09.404{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EB927F8E353457F291D0C83543958EB,SHA256=FE3F6FF3F55DE71251D25C09706B94F4991DF1652D4CD1B7C9A82A899C7F8BAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168396Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:10.623{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FAEC9B9205102F4DFE648C27058F4D0,SHA256=D9D2A2B95B3DFE7E5333BF111A7351682D4A9105B48C00FA85D85C9D7F3F27C6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168395Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:08.192{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50700-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168397Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:11.638{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=377C93BF250F1299EAC8A63EA3489DFC,SHA256=2BE2AAC7F101A9201E3923F615851D53D9BA9AE1CBB24D81C5D45E61A0DD1C51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168398Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:12.701{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E79C76098622DF784A36ACA593E018C,SHA256=D3B3365BA01BAB65DFE5C9DECC458513F9F4CDA8B49D53C476906E19F6664613,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168399Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:13.732{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1DE592848D9497945BD9A6DE2F1B3C9,SHA256=96C943C65D99609D65FAEC1E28D5BEBB1ECC0ABDE5A5AE9C2A6EBAA494C17C42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168409Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.826{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AF59D62AEB4F8E11570127D06EAC71C,SHA256=F0A73643A50E03D19D0B2B51FB364F08BDF37E36342886F796F359CE00185840,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168408Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.716{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-4517-60D0-0100-00000000D001}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x8000000000000000168407Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:13.208{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50701-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000168406Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.638{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A1D9-60D0-1910-00000000D001}2428C:\Temp\testsysmon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168405Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.638{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A1D9-60D0-1910-00000000D001}2428C:\Temp\testsysmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168404Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.638{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A1D9-60D0-1910-00000000D001}2428C:\Temp\testsysmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168403Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.623{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1D9-60D0-1A10-00000000D001}2444C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168402Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.623{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1D9-60D0-1A10-00000000D001}2444C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168401Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.623{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1D9-60D0-1A10-00000000D001}2444C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168400Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.623{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1D9-60D0-1A10-00000000D001}2444C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168440Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.919{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40F7B839BF37FD8D7120E40C63BF7595,SHA256=815459B6DB9A008ABA88D278D8845BE9CAE47D25A6DAF9B84725E3F36C6A1065,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168439Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.666{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C722700B929AF86365611367BFBCF76C,SHA256=678136ADA4C3FB836610FB26449E1FF12DC486F424BAB4CE2757E8B77A2CD0A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168438Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.666{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AD387F41D2DF1D8F21C523D83760CB8A,SHA256=083C7A410F3F0C70562D969D1964BDEA19DAE7DB16E2BE452BBCACD0AD64E203,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168437Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.635{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168436Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.635{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168435Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.635{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168434Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.635{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168433Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.635{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168432Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168431Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168430Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168429Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168428Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168427Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168426Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168425Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168424Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168423Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168422Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-A1FF-60D0-1D10-00000000D001}46442792C:\Windows\system32\conhost.exe{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168421Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168420Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-4534-60D0-1200-00000000D001}7565500C:\Windows\System32\svchost.exe{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168419Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-4534-60D0-1200-00000000D001}7565500C:\Windows\System32\svchost.exe{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168418Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-4534-60D0-1200-00000000D001}7561088C:\Windows\System32\svchost.exe{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168417Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-4534-60D0-1200-00000000D001}7561088C:\Windows\System32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168416Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168415Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168414Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168413Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168412Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168411Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564188C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\windows.storage.dll+94c4a|C:\Windows\System32\windows.storage.dll+94a02|C:\Windows\System32\SHELL32.dll+3f98d|C:\Windows\System32\SHELL32.dll+3e526|C:\Windows\System32\SHELL32.dll+802b1|C:\Windows\System32\SHELL32.dll+6724e|C:\Windows\System32\SHELL32.dll+18cf7c|C:\Windows\System32\SHELL32.dll+18ccd3|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168410Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.607{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Temp\testsysmon.exe" C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 354300x8000000000000000168446Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.696{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50704-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local445microsoft-ds 354300x8000000000000000168445Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.695{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50704-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local445microsoft-ds 354300x8000000000000000168444Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.594{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-385.attackrange.local50703-false10.0.1.14win-dc-385.attackrange.local389ldap 354300x8000000000000000168443Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.594{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50703-false10.0.1.14win-dc-385.attackrange.local389ldap 354300x8000000000000000168442Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.586{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50702-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local389ldap 354300x8000000000000000168441Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.586{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50702-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local389ldap 23542300x8000000000000000168447Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:17.062{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E462713840661D36F3C1E06179B5434,SHA256=0F671FDD6296ECF52C3E9C90835A394034E20890592B147E3E32B742D9269A8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168448Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:18.078{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EB2473079CB359152CAEB216AB2CA6D,SHA256=A50F3FF46ABC88BF415F19058C7E821A9A65BD989C49D747A634DBE4FCDB6ACE,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000168468Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localInvDBSetValue2021-06-21 14:28:19.734{D8DCB3A2-4534-60D0-1200-00000000D001}756C:\Windows\System32\svchost.exeHKU\S-1-5-21-792582155-850038707-153534265-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Temp\testsysmon.exeBinary Data 10341000x8000000000000000168467Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.172{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168466Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.172{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168465Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.140{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168464Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.140{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168463Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.109{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A203-60D0-1F10-00000000D001}2196C:\Windows\System32\InstallAgent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168462Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.109{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A203-60D0-1F10-00000000D001}2196C:\Windows\System32\InstallAgent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168461Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.109{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168460Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.109{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168459Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.109{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168458Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.109{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168457Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.109{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A203-60D0-1F10-00000000D001}2196C:\Windows\System32\InstallAgent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168456Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.109{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A203-60D0-1F10-00000000D001}2196C:\Windows\System32\InstallAgent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+36dd2|c:\windows\system32\rpcss.dll+3dbed|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168455Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.109{D8DCB3A2-A203-60D0-1F10-00000000D001}2196C:\Windows\System32\InstallAgent.exe10.0.14393.4169 (rs1_release.210107-1130)InstallAgentMicrosoft® Windows® Operating SystemMicrosoft CorporationInstallAgent.exeC:\Windows\System32\InstallAgent.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=88C7DCDD735B31E4F5620E4B9F38C87F,SHA256=5EF1322B96F176C4EA4B8304CAF8B45E2E42C3188AA82ED1FD6196AFC04B7297,IMPHASH=EAB6EF3DE625719627DC808B5F0501FC{D8DCB3A2-4533-60D0-0C00-00000000D001}828C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 23542300x8000000000000000168454Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.094{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B193136B06EFA1C6C8ABA2904064BBB,SHA256=3A938C844BA42CE6D7F049D253BC2D20D926069EEF65B5A60722ECA95196BECD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168453Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.062{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168452Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.062{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168451Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.062{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168450Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.062{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168449Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.062{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000168471Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.022{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50705-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168470Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:20.109{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3103AB26328707E6267293060E4CBD72,SHA256=25C34C1EC7B9236D4ACFBA0B93DA5E732CA7D607C58B59C0482432BF12FFD7F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168469Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:20.109{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C722700B929AF86365611367BFBCF76C,SHA256=678136ADA4C3FB836610FB26449E1FF12DC486F424BAB4CE2757E8B77A2CD0A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168472Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:21.125{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=869D6EE28905A43DE1A1884F39844B6F,SHA256=91279987FDE4191DD07B8E2169A5DEF6D5E3681B3A6D7E5FE8EEB0BA3863FE06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168473Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:22.140{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7D4BEAA28FF5CA123B0E9E2F7C135A9,SHA256=6AA8E66D602EDABBF9972130212672C3AE0A15C8F788A549A9AED30479A0E805,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168474Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:23.156{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E4A6C0214B464174E703197D79E062F,SHA256=06CB398DEAD7F31EB54D388954DC0CA0C62B8BD68F820BA425D350F6E2406D43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168476Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:24.797{D8DCB3A2-4534-60D0-1100-00000000D001}404NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=F1D7E97F427B2FC44B4FBB2ECDA0CEAD,SHA256=76F49DC427068DD52FC933A98F08986028D602C67C8B9CA93091467BA8BDCC25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168475Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:24.172{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7A6F656B29A216ED6ADBB4042D9EC03,SHA256=30E192FCBE150F28A36016608EB6119AC6E7297F0EE1247E791C597CD54D343A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168478Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:24.069{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50706-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168477Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:25.187{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8391ABA13B9295F1873329C423E7DE84,SHA256=0E0C6E739B161A382555C08C8B4FA4DEF275AE4DDAFDF4CFF4EF9E0B02FB1C35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168481Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:26.578{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8D10FCF212E4D8D12BA475116058D82A,SHA256=25078A85ED96A20340E0A0A83D6F43B5F22C42720AE9AD2523AD978F3FA098C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168480Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:26.578{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AF87A3EEB30CDD1C30090D346F3E2B2D,SHA256=C5C68A72B7AA616A91F69335B61F2B770AA97810937388D52E5C726267D960F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168479Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:26.187{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D657EB1C4CF57DCF5B67540B3FB7073,SHA256=35A191357003B7C8FF14EC29C1EA3E2C22E3A64A1CEB08E5766FFBDA93D43525,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168482Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:27.203{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4C06A0591D05042A891620C32601073,SHA256=0BD43B985E43D724F0EEDE047B9AEC6B51D0CFF5161450171CA186F346F220DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168483Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:28.219{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F5E884E1846D42271EC4688A4B61F1E,SHA256=38D5EC3D77D4BAE36C4D6C2559B0C3F4E398093FBA1361B7934A452E49E490E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168484Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:29.234{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF04124FAA8CF10532699A0FF6698837,SHA256=6440C79DEAEB7CE506342303FD4F8F1B3C6046509E7DE25A371DA83B42683C40,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168486Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:29.147{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50707-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168485Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:30.250{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E6BFC15B5F9C29E0B327FA3E979741D,SHA256=958939495B868D9E6360DFE7CE04BF02AD70EB6980EF0F8BEF406BB213CCB2D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168487Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:31.265{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DED3999AE08BC1D030408D81E1B0E00F,SHA256=DD0A31D6653A588B3B2AE703B9BEC36D3699FE4827ADDA9CE16CD4BFAFE1401B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168496Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:32.359{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A210-60D0-2010-00000000D001}5724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168495Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:32.359{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168494Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:32.359{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168493Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:32.359{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168492Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:32.359{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168491Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:32.359{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A210-60D0-2010-00000000D001}5724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168490Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:32.359{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A210-60D0-2010-00000000D001}5724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168489Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:32.360{D8DCB3A2-A210-60D0-2010-00000000D001}5724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168488Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:32.265{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BBA2CE3F99F2E3E3CCE3BD3CE181ED2,SHA256=004044C88995BCB5AFCE618B58E31C07495BC67F5DC5D0999AB7794E539DDE6B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168516Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.609{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A211-60D0-2210-00000000D001}6104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168515Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.609{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168514Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.609{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168513Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.609{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168512Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.609{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168511Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.609{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A211-60D0-2210-00000000D001}6104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168510Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.609{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A211-60D0-2210-00000000D001}6104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168509Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.611{D8DCB3A2-A211-60D0-2210-00000000D001}6104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168508Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.406{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=841E297EDAC41031A0D8AF63788681FC,SHA256=507C3C192FD61830E64B66EF4ADA7E5576AB19A78442F486D6260E1227C3E53B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168507Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.406{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8D10FCF212E4D8D12BA475116058D82A,SHA256=25078A85ED96A20340E0A0A83D6F43B5F22C42720AE9AD2523AD978F3FA098C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168506Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.281{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AAD91D3A15A4C0CF19B85BA38A16EA3,SHA256=F762A26D7FF32990BB3F6F951AD0E2E5C7162A5D559598EED6957148F81456BD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168505Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.203{D8DCB3A2-A211-60D0-2110-00000000D001}59804064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168504Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.031{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A211-60D0-2110-00000000D001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168503Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.031{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168502Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.031{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168501Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.031{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168500Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.031{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168499Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.031{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A211-60D0-2110-00000000D001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168498Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.031{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A211-60D0-2110-00000000D001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168497Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.032{D8DCB3A2-A211-60D0-2110-00000000D001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168518Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:34.609{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=841E297EDAC41031A0D8AF63788681FC,SHA256=507C3C192FD61830E64B66EF4ADA7E5576AB19A78442F486D6260E1227C3E53B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168517Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:34.281{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB8428B3C78F742CFDCBB6CF4AFAEF29,SHA256=26477000ED59B0A50DCCA85F99D0139C0F8A06F3AFFB6F684E857302697ABB8C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168536Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.828{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A213-60D0-2410-00000000D001}860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168535Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.828{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168534Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.828{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168533Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.828{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168532Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.828{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168531Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.828{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A213-60D0-2410-00000000D001}860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168530Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.828{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A213-60D0-2410-00000000D001}860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168529Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.829{D8DCB3A2-A213-60D0-2410-00000000D001}860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000168528Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.297{D8DCB3A2-A213-60D0-2310-00000000D001}55522964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168527Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.297{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3EF0DDB26B6ACB8F02215D811FEDE8FA,SHA256=F5E93682332FA43B90CD075A443C9E006E18DB556C8EA7E064F3220B5FB0B7B4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168526Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.156{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A213-60D0-2310-00000000D001}5552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168525Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.156{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168524Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.156{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168523Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.156{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168522Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.156{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A213-60D0-2310-00000000D001}5552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168521Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.156{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168520Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.156{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A213-60D0-2310-00000000D001}5552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168519Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.157{D8DCB3A2-A213-60D0-2310-00000000D001}5552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000168548Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.688{D8DCB3A2-A214-60D0-2510-00000000D001}57085356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168547Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.532{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A214-60D0-2510-00000000D001}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168546Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.532{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168545Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.532{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168544Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.532{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168543Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.532{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168542Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.532{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A214-60D0-2510-00000000D001}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168541Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.532{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A214-60D0-2510-00000000D001}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168540Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.533{D8DCB3A2-A214-60D0-2510-00000000D001}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168539Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.298{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B7F7A25DAB0E278F811B5D14122047D,SHA256=908B7938F0BC6B0667038E816195D71A606FF33000C4C811BAFCD5C53453BF1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168538Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.187{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=04E0A8A3AF85E07CAD15FA029B6CB59A,SHA256=C3274F45928CD2AD88A90F6ECEEF3BB2B6E26CE2EA5174C916920F87224154B2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168537Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.000{D8DCB3A2-A213-60D0-2410-00000000D001}8605040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168559Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.735{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F63FC4AA48D38678ED9EF7AD31120715,SHA256=A45D603E1A06C7D62CFEE3C6B9ED39D13292557D7DA489ABBA9450DC41D8916B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168558Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.704{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A215-60D0-2610-00000000D001}356C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168557Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.704{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168556Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.704{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168555Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.704{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168554Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.704{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168553Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.704{D8DCB3A2-4532-60D0-0500-00000000D001}408524C:\Windows\system32\csrss.exe{D8DCB3A2-A215-60D0-2610-00000000D001}356C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168552Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.704{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A215-60D0-2610-00000000D001}356C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168551Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.705{D8DCB3A2-A215-60D0-2610-00000000D001}356C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168550Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.298{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18C25878A45A199764A24DF4CE24C8BD,SHA256=B01D05929882BF9324FF615D0253D4B94BCDF41B8139C74411C26BCDF7E8A8BF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168549Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.022{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50708-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168560Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:38.314{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B03401F610ABAFF1F39AAAA059C6B3B,SHA256=5A38342610E33506D18E998D997C4FC5CACCAF409B5C15DB1B385FBF40528271,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168561Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:39.314{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE4332048B5D402092416975EA9BEDE9,SHA256=6D7883FB6EBD3D9AABAA4A6021E7F80C94FE03F30291C91CABAAE582F2A3FF01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168562Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:40.329{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F334C60B450CBCC9C3196624D3672CC0,SHA256=668271274DD4AE2FC484E49507FB5293FF9C672B8EBA6779908239910523FF70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168563Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:41.345{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F6BD06E480D28BD1864141CA422B656,SHA256=3EF3A71165D4188769B4AC40B689E58F1530F205DC20C96D99960AE3B1888070,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168566Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:42.360{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE955ED8867B27D61E6F74387AD9F640,SHA256=2195CB08A661199C68CE8A0E5589EDC3DF9B80F3C60C729847557034127BA362,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168565Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:40.101{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50709-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168564Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:42.173{D8DCB3A2-A118-60D0-CC0F-00000000D001}956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=536F90675D9745E5B2CE6D1A8727C2A5,SHA256=42C03B2FD5EAB9EBDFD44E3E382BBA48FD1BAF003197FBAD6E391BD3213C43D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168567Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:43.376{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B40B0D8B20C661935BA2BFB5082E0BDB,SHA256=37BA0278949FF67DE9AA98434FA177EE27E4EC3BBED2838FB1B612AF697587EA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168569Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:42.132{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50710-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000168568Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:44.392{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD613349D5F06E9208192BC97D666826,SHA256=9E78525770E3903488DC40E6F98FCB1CC868CEDAEB42F5C4E66ACD37A9EC36E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168570Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:45.407{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5DE8DE137A5BAAD945C5D93C2C670AB5,SHA256=5D35D6261EF2A2F0B17A6EC9E7A62CDA37940EB0CD3E0A89B826DEC1500E938B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168571Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:46.423{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58C06A37838D7F0AB9AC70ECA69AE14B,SHA256=C06AEE33DF8C1941E828BB05E9216D06561655C618E8D232AE6AA0E6606131E8,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000168576Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:28:47.610{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\DFD6B7A8-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_DFD6B7A8-0000-0000-0000-100000000000.XML 13241300x8000000000000000168575Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:28:47.610{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\9421F5BD-5BA0-453C-965D-CEB3A23E49AE\Config SourceDWORD (0x00000001) 13241300x8000000000000000168574Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:28:47.610{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\9421F5BD-5BA0-453C-965D-CEB3A23E49AE\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_9421F5BD-5BA0-453C-965D-CEB3A23E49AE.XML 354300x8000000000000000168573Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:45.226{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50711-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168572Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:47.439{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AACE2ED9A73D762A0839890F70DAF9E,SHA256=7B8422CAFB76C6AEDB1868C91BE1EE98E8259E65E4D5D8651FA61343DDF23003,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168579Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:48.642{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B1BE1C4BE2B0B063FE6936C6BB02D731,SHA256=6FDD4C8D290AC04E936AF34EDC5FD05408C7F900F137CEBAAC4E8EA2BAF30D5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168578Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:48.642{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C2B4CAF9DE98F8AD986490F060EDD533,SHA256=0A0E7C630B7EA9D4614B6107F691A841006D3E2EB3185E3131C7BD674D6E4FDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168577Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:48.454{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C21A6A13CB1ACAFB98136C0241D45EE,SHA256=68F9CB99186082DCFAE59B09AFF17F2463F044B63538FCCADBE218896F8A2A45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168586Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:49.470{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52F0011746439C14DF1FCFED91424719,SHA256=EC6FF9F56DF1113BCBECBCD729B9C028B8269768B9A362A797641619EEDF57B1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168585Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:47.614{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50714-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local389ldap 354300x8000000000000000168584Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:47.614{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50714-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local389ldap 354300x8000000000000000168583Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:47.605{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50713-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local389ldap 354300x8000000000000000168582Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:47.605{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50713-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local389ldap 354300x8000000000000000168581Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:47.586{D8DCB3A2-4533-60D0-0D00-00000000D001}896C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50712-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local135epmap 354300x8000000000000000168580Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:47.586{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50712-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local135epmap 10341000x8000000000000000168613Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168612Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168611Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168610Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168609Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168608Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168607Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168606Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168605Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168604Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168603Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168602Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168601Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168600Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168599Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168598Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168597Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168596Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168595Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168594Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168593Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168592Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168591Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168590Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168589Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168588Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168587Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.485{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEDF60FF5873215A7290DB674DEAD132,SHA256=018D3651592C2C61BA8BCB10196D092FA1627E16E354CD9A0A72E4FF85B4D8C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168614Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:51.485{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1741BFFCEA1228072262220C407AAA9D,SHA256=A49E0385CAA57286866CBA01916AC1698293B886DA6C6940A15257CBA5EBD376,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168616Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:51.069{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50715-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168615Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:52.501{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F69691C35AC2B38DCE755A0DD382095,SHA256=01114A5576918BB20C255176D8B2D23BB710B80B18644486BEA920CEE88C0D8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168617Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:53.501{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A057404A8533EE5E40C3B179169305A4,SHA256=E249CE120112A8C36EA66D1BB3B01C62EC61212C2BA43B39AA2966AE646592DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168618Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:54.517{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A49D09E8512364C493671C92EFC6412,SHA256=C7C791475CDC8A182F28964B1EA5BEE01947FA515F60BC1AB9DDD11264D91067,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168623Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:54.319{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50716-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 354300x8000000000000000168622Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:54.319{D8DCB3A2-4544-60D0-2700-00000000D001}2860C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50716-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 23542300x8000000000000000168621Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:55.532{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BAEF93BA206D25028A2A86D1A4F62EEF,SHA256=76F9E601C843DD5B812FA0F3B53F0F03BC122DD2D49A45D7E95AE51CB76162A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168620Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:55.360{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=91CF4A88F57365B5A7E12EF9E06B9FDE,SHA256=41B308203339A9ADD7F52F3716335F98E9CF672FB18E735E3453519B9B09D731,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168619Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:55.360{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B1BE1C4BE2B0B063FE6936C6BB02D731,SHA256=6FDD4C8D290AC04E936AF34EDC5FD05408C7F900F137CEBAAC4E8EA2BAF30D5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168624Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:56.547{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCDB3B2BF2F7CB70B24F708E9AED6E5A,SHA256=CB03F91B2492B5DD1479CAE9FC00A792B9B721DC9E011E7D72CBD785DB430D3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168626Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:57.562{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14336B00B261FF79DB772F66D66F019E,SHA256=92BFB2376DF84CEFCA544DF6369C2BCAC3E8C1CB200B476ACC155CFB44C0C970,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168625Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:56.132{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50717-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168627Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:58.781{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C191C49475678251D38B6AC372DC8E34,SHA256=33CC3ABAD1325C3E3135E8652CB8E52FBEDE5B088633FF1DAAF74EDD49FAB8B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168628Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:59.828{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EACAEDF6784038CE215ADCB478CAE7A,SHA256=6AA70CAA8434F99CC8F6D63B4C7C77122CD80D749FF0B314366DFE197DA6EFAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168629Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:01.062{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25B860984B77E9DAD5017EBEEBE38BF4,SHA256=38D055858F1C1283BC7A2919BF2CD5F21FA2E4CA2DDD95F684036241D373CE68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168630Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:02.078{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8B33DD569AE686B4F8D2847900B8524,SHA256=9789C54895DF887A96AD9FA60358DAD80D51266B1CDD8FABC6B1BF4301939D39,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168632Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:02.052{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50718-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168631Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:03.328{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=834FE527B4E7B0BA76ACC4EB3AC53E3A,SHA256=06450C858A9E7E630B565381C4AB14A33AD8AE7B2DA01F05C7A6BF0B486199DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168633Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:04.406{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7B7F9B7E328D2A6104F9360C05FFB5D,SHA256=63FC38B5F6C4ACFBCB4A6B33CBA3183DE618B617EB640642B4C403361FB4EBBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168634Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:05.422{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79F5ED59702933D24CD0C7BBFDB7635A,SHA256=C4E418C888F4819215F30628F4E969A44A42BD5735239E04C7DFF3F8F9539D35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168635Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:06.594{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5B414912CE1687B1AC25B00AD7055B9,SHA256=55EC318CB92F49871C6228883E7DA52D0C3CC239C17D9F44F47386A1B6C87513,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168636Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:07.609{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D7551DA637FFE23A53990F07BD0C6FD,SHA256=9D647011A2D29B4E3D55C03E19EE8BD2DD455AFF275A2AD2C42AEC438E2D1F48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168637Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:08.656{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80E9C4B5CD573E311B47F82A1CE355AB,SHA256=15014031D68405DD9E0659727530C8C759F520B3E2F7D5D272FE7C757805B719,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168639Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:09.703{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE20D3B80C0E407E22E5F3D8E26B0FA3,SHA256=0BEE8ACD6C7A13A54E3FDAE2082E375926A3A3D9CDAA894A474DA367E139EE80,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168638Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:07.099{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50719-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168640Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:10.906{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54F197D8D4A2296D944E46F9D47DAF4C,SHA256=8EC3CC6D49E6572D03706D2899998FC9633B829E9E5AA5C1CD9B7CC3099EADDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168641Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:12.078{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5A6E2E60BE912585AE8988E4C912702,SHA256=FFD26740F2200DE9D6AC8F92774454419C4B1FBAF85509CF8C4A9F81156FCF89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168642Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:13.297{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=090EA6FED33FD82586EE81902833B1C4,SHA256=D1DF8B371995B54C5EACC8B851DAF7470F66124A541B13CF228F74EEEFE28BCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168643Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:14.359{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D98725E982AC820677E914E3542EC5D,SHA256=498F99CF30C0523E58B090C95E6D253D107AEC821FF5781E73186B82D229A47C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168645Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:15.407{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F4B37420D79E8B78201183C2A341AEE,SHA256=41A4282B77DCA80F64581A5A3D826370536808984B3CC0DE216AE8DD95CCFEA4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168644Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:13.099{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50720-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168646Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:16.412{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48A6F2434DFCBBBFD3A8189F581E3E55,SHA256=5526BF8E38BC0AC9FA2DE5832A124FC84C3860D410D6F76646F7A3EB72770B17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168647Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:17.415{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D1FD2457C61D91FAF0307522F31F202,SHA256=F4C01C9C70A6126F9044940326BD5C9ACDA235EC06AF91DB94DCD377D8349190,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168648Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:18.650{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F5CBE7AB7BFF9ED98F619524408808E,SHA256=753732A09C30408F3572D5C312D08D1A139C2FED978E20F0857ECDB65EA781A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168649Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:19.650{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F15A31D05EF574C1F4BEC8ABF4E4C650,SHA256=DE4F3C44A326F4830075AC6636B6A38860078C12DA53274650A228B52B7FF25B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168651Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:20.806{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B1F4FCCD3555D53E610232A35BA66C9,SHA256=B856A9B5E6C15C0D5B8E89042C074C6BDDCEB195017AAEAD14B4D8AA537B7411,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168650Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:18.108{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50721-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168652Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:21.822{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97FD3123969EFCB5DAE983AECAC5DE3C,SHA256=214BA1A190AAAB2E32D4BA792AD45EDE0B0C15AADC94E08B306974765379B89A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168653Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:22.853{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=313F8B316DDCBED61DA960A3EC0288D1,SHA256=89ACB1B4454094A929DD462E55EF653B9251F04C4ACA6CB0D89DA4E2EFF4EB83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168654Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:23.869{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A41601158B78245D1D0CD3C07ABBA7F,SHA256=AEE90154ADF1EB355BC3CAB0ADD9FB8E25894927AE35CAC410FA036EBD3725A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168657Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:24.900{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95395ABAC702C0795B30C85DF3544504,SHA256=083D68A7B7CF715BFBABAF42DB5C5688CA13E4912004ACF304B8FABCAF3DD9EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168656Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:24.806{D8DCB3A2-4534-60D0-1100-00000000D001}404NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=5B2DCCFFE2D4FD6F944852909574E181,SHA256=B7DFD9595FC0CD4C40F0761B1307AFE8C09103A39B0746B6A675F5C35573719E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168655Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:23.123{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50722-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168658Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:25.900{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C46FB94BF820CF86C1CE9B2189453556,SHA256=264223D74DEFB19D33BA739159894CB65378B4F4092AE7E9611B9810F1ADB3D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168659Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:27.119{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82EB3A6F873F820DBB5707F8953491EC,SHA256=AD8354F7DAF5A7ECCC4D50E3F32B910E87C4158FCDFB888EB89AC8BAAB584C41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168660Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:28.353{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=933162B5B92C094E8E618B58267B62D3,SHA256=2A0830A6595CCEC6E5C9813A37B52FA993B7FBEBBE9BAB99494662F91C72D0BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168661Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:29.415{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=678FE21CAF023CB69A65D771BE3618F2,SHA256=D58A42D1BDD76B37B5ADB1928CAEF18AC71BE861E7508310805C95D59BD68BAE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168663Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:29.045{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50723-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168662Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:30.447{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=186B4DA2CC5E4DE96301103B01B1D892,SHA256=662BDAA541B8194EFBA230E7BF2FA0121628321FC597D803DB1FBDF55974F856,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168664Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:31.650{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4023EEE17723191DF50224D54712ED39,SHA256=F93653EEA836F8B32581928D5A76EA96013F321E3714C7878B168D1FA509B840,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168681Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.962{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A24C-60D0-2810-00000000D001}2896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168680Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.962{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168679Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.962{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168678Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.962{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168677Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.962{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168676Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.962{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A24C-60D0-2810-00000000D001}2896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168675Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.962{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A24C-60D0-2810-00000000D001}2896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168674Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.963{D8DCB3A2-A24C-60D0-2810-00000000D001}2896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168673Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.681{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7E3AA55E6ED9B75E76519D08EDFC180,SHA256=F6A7894084463F69F64B72A3B25F751FF4D79C51B59D9A9C35756DDE7D507257,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168672Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.353{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A24C-60D0-2710-00000000D001}5300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168671Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.353{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168670Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.353{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168669Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.353{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168668Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.353{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168667Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.353{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A24C-60D0-2710-00000000D001}5300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168666Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.353{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A24C-60D0-2710-00000000D001}5300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168665Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.354{D8DCB3A2-A24C-60D0-2710-00000000D001}5300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168693Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.915{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE1946C26EE3B756D8B362ADA06366DE,SHA256=DD5FA10062E1796945D0976615D2572416EF4D25FDC7D342D97278CFE3539652,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168692Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.603{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A24D-60D0-2910-00000000D001}5196C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168691Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.603{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168690Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.603{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168689Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.603{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168688Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.603{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168687Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.603{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A24D-60D0-2910-00000000D001}5196C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168686Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.603{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A24D-60D0-2910-00000000D001}5196C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168685Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.604{D8DCB3A2-A24D-60D0-2910-00000000D001}5196C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168684Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.384{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=22A1A5DE151B7B51F6A8C02C7DDDF3F9,SHA256=6925D6D2310D51E6AF5E5BC91AFD31C047EFE773A2BB6287E6155A7B7102B019,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168683Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.384{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=91CF4A88F57365B5A7E12EF9E06B9FDE,SHA256=41B308203339A9ADD7F52F3716335F98E9CF672FB18E735E3453519B9B09D731,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168682Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.134{D8DCB3A2-A24C-60D0-2810-00000000D001}28965732C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168694Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:34.837{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=22A1A5DE151B7B51F6A8C02C7DDDF3F9,SHA256=6925D6D2310D51E6AF5E5BC91AFD31C047EFE773A2BB6287E6155A7B7102B019,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168714Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.931{D8DCB3A2-A24F-60D0-2B10-00000000D001}9764712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168713Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.775{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A24F-60D0-2B10-00000000D001}976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168712Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.775{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168711Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.775{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168710Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.775{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168709Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.775{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168708Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.775{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A24F-60D0-2B10-00000000D001}976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168707Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.775{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A24F-60D0-2B10-00000000D001}976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168706Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.775{D8DCB3A2-A24F-60D0-2B10-00000000D001}976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000168705Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:34.232{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50724-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000168704Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.275{D8DCB3A2-A24F-60D0-2A10-00000000D001}61124328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168703Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.103{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A24F-60D0-2A10-00000000D001}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168702Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.103{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168701Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.103{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168700Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.103{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168699Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.103{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168698Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.103{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A24F-60D0-2A10-00000000D001}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168697Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.103{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A24F-60D0-2A10-00000000D001}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168696Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.104{D8DCB3A2-A24F-60D0-2A10-00000000D001}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168695Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.009{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1E0B75A4D2A27D3A0D8B1E822C86DC9,SHA256=98E2FBF5A52DFAD86B730F522B1651474893734C038DF0636767F71B32526E53,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168725Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.633{D8DCB3A2-A250-60D0-2C10-00000000D001}8365912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168724Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.492{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A250-60D0-2C10-00000000D001}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168723Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.492{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168722Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.492{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168721Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.492{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168720Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.492{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168719Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.492{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A250-60D0-2C10-00000000D001}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168718Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.492{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A250-60D0-2C10-00000000D001}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168717Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.493{D8DCB3A2-A250-60D0-2C10-00000000D001}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168716Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.181{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=98A46726DA55EF0337F8BE70ACD6C090,SHA256=254D0DFB46B0F8E3AB8F8824E3ED9C28DF9041B1EE79AE663F0C04C69FCA11C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168715Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.025{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA7C94B230A111E2982F1EDC88D6CA34,SHA256=3F76B4D1C9145A0BA786F27313918EC002F1C4E21332E71C7EAF879ECAD16330,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168735Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.696{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A251-60D0-2D10-00000000D001}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168734Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.696{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168733Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.696{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168732Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.696{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168731Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.696{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168730Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.696{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A251-60D0-2D10-00000000D001}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168729Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.696{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A251-60D0-2D10-00000000D001}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168728Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.696{D8DCB3A2-A251-60D0-2D10-00000000D001}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168727Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.633{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DFA7514B99640ECDF346E543581E08DB,SHA256=69A2DB266CB26C462782B0A36C982E55CC5FBA72E35C5839D5334B21C481836B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168726Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.039{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB242BF6C120B935E463467D77DEC9C2,SHA256=5E1CEE0B227964A858DD5E4E8038B00095D726BC47971A6D43A2138AB865FD93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168737Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:38.758{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3B74335C1BDB0C64B4C6CB00A0AB255D,SHA256=E476EBE5B43FAB19EA1CF8C9A4D1E4B7D8E737F3DBD4B1B9832C56A442EA5CA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168736Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:38.055{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7956E33C3DED0B53A176575F4289227D,SHA256=6FDA2B1CF47B9B23252E53780746E84C013B4A222CCE450BA07E77D7D1D095C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168738Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:39.055{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47DB70013C4E8C5D14A5892BECFC0CA9,SHA256=179CF1107A6012FB91A18F30D0C779E10861A07BA0E672D7671FCA415A35A2CA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168742Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:40.524{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168741Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:40.524{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168740Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:40.524{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168739Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:40.071{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D8150DFECBE943EFC8887A95EFB2ED0,SHA256=2B97FB8E58768EAE7EBEB827DCB021A284F7685918CDEB78C167C47A91EF9622,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168749Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:40.184{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50725-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168748Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:41.071{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89632A7661DFC3B423EE4851778656A6,SHA256=E95B1062081129AFDBCA115F5F7C6A20834242980EFE4744ECC6B2F1653BC2BB,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000168747Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:29:41.039{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXEHKU\S-1-5-21-792582155-850038707-153534265-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{B8CDCB65-B1BF-4B42-9428-1DFDB7EE92AF} {000214E4-0000-0000-C000-000000000046} 0xFFFFBinary Data 10341000x8000000000000000168746Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:41.024{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168745Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:41.024{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168744Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:41.024{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168743Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:41.024{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168751Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:42.196{D8DCB3A2-A118-60D0-CC0F-00000000D001}956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=536F90675D9745E5B2CE6D1A8727C2A5,SHA256=42C03B2FD5EAB9EBDFD44E3E382BBA48FD1BAF003197FBAD6E391BD3213C43D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168750Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:42.086{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDD4608DB74084FF0E387990174F1593,SHA256=4FF8C6F653B10D7216E3A2726C8580AEF961F7B61C174A28AC419ACA77D0D6EB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168776Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:42.153{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50726-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 10341000x8000000000000000168775Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.352{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168774Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168773Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168772Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168771Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168770Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168769Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168768Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168767Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168766Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168765Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168764Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168763Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168762Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168761Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.242{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168760Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.242{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168759Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.227{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168758Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.227{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168757Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.227{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168756Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.227{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168755Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.227{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168754Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.227{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856648C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\7-Zip\7-zip.dll+4f38|C:\Program Files\7-Zip\7-zip.dll+61c5|C:\Program Files\7-Zip\7-zip.dll+698e|C:\Program Files\7-Zip\7-zip.dll+6aa9|C:\Program Files\7-Zip\7-zip.dll+8771|C:\Windows\System32\SHELL32.dll+80337|C:\Windows\System32\SHELL32.dll+6724e|C:\Windows\System32\SHELL32.dll+16d60c|C:\Windows\System32\SHELL32.dll+19e7e8|C:\Windows\System32\SHELL32.dll+2844a3|C:\Windows\system32\explorerframe.dll+13cf7b|C:\Windows\system32\explorerframe.dll+139d07|C:\Windows\System32\SHELL32.dll+16d8b0|C:\Windows\System32\SHELL32.dll+16ad2e|C:\Windows\System32\SHELL32.dll+737a1|C:\Windows\System32\SHELL32.dll+76686|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026 154100x8000000000000000168753Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.230{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe19.007-Zip GUI7-ZipIgor Pavlov7zg.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Temp\" -an -ai#7zMap32200:48:7zEvent28956C:\Windows\system32\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=04FB3AE7F05C8BC333125972BA907398,SHA256=2FB898BACB587F2484C9C4AA6DA2729079D93D1F923A017BB84BEEF87BF74FEF,IMPHASH=9CF6F80DD6DFE9900700C1E11C318B2A{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x8000000000000000168752Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.102{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D994A9BF435EE805879543F8736BB20F,SHA256=D561931541DD7ADE0C3A2A2B3CE64EFD45A11ADEC3C8A56407E8255719AB8693,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168779Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:44.227{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3AA4AD5B4882428EAD38007736F06B9E,SHA256=DD2AEE150AB1325D4D5402A5E43B4055E3388EEC0E3F0F0A25C22593B99B07E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168778Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:44.227{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5CD092EC2C27D71EF90622C176A4E2FC,SHA256=8F8EE8E6F6ED616D16F6AF8A56FC3BC3EA37BA87432E447C5A2DD36D3B1CD80D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168777Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:44.117{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=285971F6FC6E37009253BCC2807833CE,SHA256=7673C51B1156AF7FCCE3A434FFACEE8AB5CCE1A60FA3468F4FBA6471920E301D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168783Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:45.602{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168782Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:45.602{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168781Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:45.602{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168780Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:45.133{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1447AE13D4D73CB175C7FF088806B8B,SHA256=AB2EA0457E7022479E14AD3FA686533E6E0BB07B070CBD1EBC4C2223F53E9B68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168784Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:46.149{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE4DDBA9D08841C5401DB55EF22B3D30,SHA256=837CDB2E915AAA11BAE845CE4274EA392EC37927EADD95438AEC213BC556012E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168786Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:47.164{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=264A19B00DC0ED6607343F81F440BA64,SHA256=D38663BD34179D218C131837579DA9863340AFFB02AAB26FC715230D4F90B5BD,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168785Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:45.184{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50727-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168787Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:48.164{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFCEE2E48F02EB89511F59730C9B3AE0,SHA256=72FC4FC5F098652BFF7CA2D41380C6E55780C5089A7429397462654B5FC47E45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168788Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:49.180{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=721D68D2DBC483B68BF5B9193EB634E0,SHA256=7DA511E49107C62116127E8E3A781149474FB4BE3A82116CB35A25F52F5F1CFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168789Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:50.196{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=69BCA665C3979AD4056CA7BBD0D29F65,SHA256=FA439C04B02BDC8DABEC28A3CEC5E226C59833D526C938B100F3981D43977065,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168790Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:51.211{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2786ECFC752EA1764F121F21B80E1DCF,SHA256=3D77BD5F3EC82F3440FD492BD8C2D60A9563F39F33906B402473EF7EC979FC20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168791Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:52.227{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23272999AA111814C67009AD65E9B71F,SHA256=0769F7879B7454F742FB7FFA05873D126872C50102FB4C60E6063FCB3A8E62E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168793Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:53.242{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A6985E6EB96CB4C690B1BE9A37510E1,SHA256=204DA75C2027E9E57FA77AC237C048DCF39B3150767204136A17F0AB06473C66,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168792Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:51.074{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50728-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168794Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:54.258{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E139F6C807AA94F27B3B0E35AB8A6DC,SHA256=AFEA273F623BEFE17709EC502ADE20E34998635E2511D0C5B04ABF0F63DE7287,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168797Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:55.367{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=013B2AE15F84725E9C5DE45CE9442454,SHA256=F6B050635FDE5F13EA9055FBFDF8A0E67067F34F69F5F5B493A06777B92107F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168796Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:55.367{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3AA4AD5B4882428EAD38007736F06B9E,SHA256=DD2AEE150AB1325D4D5402A5E43B4055E3388EEC0E3F0F0A25C22593B99B07E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168795Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:55.274{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF8FA333517D34848E89E8707E5753F0,SHA256=AF340446678C6C661C39042491B9441D7EE74EB378AC11760EF3C5F60DA776B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168800Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:56.278{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4AD0370FB0FBFF2E844BBD430B1D14C2,SHA256=8F33DF287DCFF3498166DBF4562C86440C83916AF100642D995BF01174E4BC7B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168799Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:54.325{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50729-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 354300x8000000000000000168798Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:54.325{D8DCB3A2-4544-60D0-2700-00000000D001}2860C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50729-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 23542300x8000000000000000168801Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:57.419{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A411740078AEB7EAE90BAFCE542E7973,SHA256=5AF2AD3B367259138AA5276B6FA0EFA45D656C6C13D87AB0F18F4E38A3B072FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168803Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:58.544{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A991A52A212DD07FF8BE49B88822AB13,SHA256=02B4972A08941848890DA22B35F55494032EAA07B7BEFC16C206C561160BF6C5,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168802Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:56.168{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50730-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168804Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:59.575{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BC63D561B4613C62579E68FD31FB984,SHA256=413ADEEC95A1F0EC25982B90A4D5C5804E19586FB2996BFE21202202231C2B13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168805Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:00.591{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C31B82178E534D76ED6C7CFDCB2A7E8,SHA256=E90A81D0C7E25ADB5BB6248DCC37689397CDD8ACF032E956A42038377FF47855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168806Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:01.732{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA8A90E24B8673DB0EC6B449C89DFFD3,SHA256=D8B0E8B50BF75368C4DB386F6E8987369A02F6B2827FE0566687E6D7A4CE2F57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168807Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:02.732{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B11AAC5DFCC5F9219BB0FE724B0994D7,SHA256=8591038F28AB070DAB17935111E4CE7AE433B6D986583E3D55CCD5C0E11F8F52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168808Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:03.950{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B64B3DB31F59D4AAD16D3083101C563A,SHA256=7B1583FF73AC5143A7693CDE32D69C7E2078707D18A461B92EB52E0C0ADF8564,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168809Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:02.157{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50731-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168810Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:05.044{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB0974ECFDEE928DD2958DE46C22CF37,SHA256=8EDEEF968B133AA0D9A7D38B9B8463CB56EDDF669434659E540A99EEBC48AAAC,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000168812Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:04.904{D8DCB3A2-4534-60D0-1000-00000000D001}412wpad9003-C:\Windows\System32\svchost.exe 23542300x8000000000000000168811Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:06.091{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86823821780045F291B7FE9B19043417,SHA256=E03A91A494F452B6EC3679801BA1482F94939CF8212510EC96257C344B6532DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168813Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:07.200{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A78D377B9A61E3505390441401AA05F,SHA256=D68E0B109A77E7046904E8065775AA281A2D9FAF81A3C1DFDC46B86F81184746,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168814Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:08.435{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=427F16C086C8A08700CBE7BDE08582F9,SHA256=93912E887D740CD61228FBF81E72857ECFC1314921413FBE5FEC73F6C01C2F5C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168816Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:07.172{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50732-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168815Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:09.466{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=131EB8B1DF725F5F9059F4BA2CFE83A4,SHA256=BED823F83D7E6957A164A644531BA56921AAB00491DC947DDAFADAECBA7A277D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168817Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:10.482{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48EF033A0DD6FA0AF5A5A83E2BDADD8E,SHA256=82430465776B47A42CAB6895119B73B5BE37EEA1064499367E89F2E081CB6F28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168818Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:11.716{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=732BE4594E28BDDCDB956924BAC16ECE,SHA256=ADDF3580B8C0A15B5C16A19907F4DEC0446E4EE41998DFE629925822F86D89CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168819Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:12.825{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F9D80D7EDEA61D2B2933BBBAD0A8352,SHA256=36EE66ADC7548F0C06086379774A1D761F0B6792D00E557B73471B88C382B431,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168820Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:13.747{D8DCB3A2-4533-60D0-0D00-00000000D001}8965764C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9600-00000000D001}4280C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168821Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:14.044{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9839CA86CBE7FFA82582B3A2864FFAAB,SHA256=148A5EDC23208CB9890D904B31A30178D371B3FD71DC06538B1815EB4F8A27DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168822Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:15.060{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68513CE1CD4131078B5E88F852554D86,SHA256=E6EE5FFE5F79DFA350DFBD41671C001BDE912AA3A87AC1AC270781DF831849D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168824Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:16.110{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A352C93F94050F2AEB05A87E07392C3B,SHA256=38D5907F0FD1A1AD89B00E35CB86680A789C42FA2149C14A57CED984CB31AA4F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168823Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:13.047{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50733-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168825Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:17.210{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8470CCFCDA2167DDE794834473E33E57,SHA256=804FB0D60E1FEEE13A5004720009DDA0BD8B36AEE9A80A887F09488A81083A64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168826Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:18.431{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AAF2145CB960C0E3C830BDE318C36B1,SHA256=D13CA111E02761D267014E9A856892AB7D14BE5467890F2DD2198D1F677C3244,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168828Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:18.184{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50734-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168827Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:19.432{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C861733A177E735B3792708FF260CA83,SHA256=ECC01A5C1491AA3EF7EC34B0657E5F22FFCDD8CE7BEC2A8E5C2830446B23480F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168829Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:20.542{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26F8AE1B107E03D6AA53F2E03465A066,SHA256=F5DCF006021CF88907B50F3674F6DF313DEE0333A2D39F6335D5A63114D8AE3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168830Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:21.541{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5948DF4AFB210A698AC941490C14B177,SHA256=E32D16B4ABA81B01B78CD2E29A378DB31E987836679630B5B1AF486A0BFE4BF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168831Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:22.556{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5124BDE0069E4B35FE5C9AEFD196838C,SHA256=049F971028EA85719D6490DBA8F8E317ED0341B2ACDBCBCA24E497E6BB99964B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168832Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:23.572{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53AA5D6C2963191799224D4D4BC488BF,SHA256=72F139968133E9CDAC0940DFA1F90D6043C9E06E3CBF4004196CC1C888DA78C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168853Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.822{D8DCB3A2-4534-60D0-1100-00000000D001}404NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=EB525BBA7C5F4567A72FAB1CDBBF7CA5,SHA256=CC3636D9EFA2893044CECD51204528A38E61C84A97BF88397CA613D5ABFAEB09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168852Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.588{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5CA16A8A90A9514DA5E85038A33E9D98,SHA256=49ABF02D3142A3C403F493670E7DD6F177198776B2689BF49CFC029A2A825B20,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168851Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.557{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A280-60D0-2F10-00000000D001}3780C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+5112|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168850Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.510{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168849Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.494{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168848Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.494{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168847Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.494{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168846Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.494{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168845Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.494{D8DCB3A2-A280-60D0-2F10-00000000D001}37803232C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+660c|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168844Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.506{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A280-60D0-2F10-00000000D001}3780C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000168843Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.494{D8DCB3A2-A280-60D0-2F10-00000000D001}37803232C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+5112|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000168842Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localInvDBSetValue2021-06-21 14:30:24.478{D8DCB3A2-4534-60D0-1200-00000000D001}756C:\Windows\System32\svchost.exeHKU\S-1-5-21-792582155-850038707-153534265-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\Mozilla Firefox\firefox.exeBinary Data 10341000x8000000000000000168841Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.463{D8DCB3A2-4534-60D0-1200-00000000D001}7561088C:\Windows\System32\svchost.exe{D8DCB3A2-A280-60D0-2F10-00000000D001}3780C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168840Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.463{D8DCB3A2-4534-60D0-1200-00000000D001}7561088C:\Windows\System32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168839Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.463{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168838Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.463{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168837Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.463{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168836Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.463{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168835Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.463{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A280-60D0-2F10-00000000D001}3780C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168834Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.463{D8DCB3A2-45EA-60D0-9F00-00000000D001}48562564C:\Windows\Explorer.EXE{D8DCB3A2-A280-60D0-2F10-00000000D001}3780C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\windows.storage.dll+94c4a|C:\Windows\System32\windows.storage.dll+94a02|C:\Windows\System32\SHELL32.dll+3f98d|C:\Windows\System32\SHELL32.dll+3e526|C:\Windows\System32\SHELL32.dll+802b1|C:\Windows\System32\SHELL32.dll+6724e|C:\Windows\System32\windows.storage.dll+11a32|C:\Windows\System32\windows.storage.dll+11729|C:\Windows\System32\windows.storage.dll+115ff|C:\Windows\System32\SHELL32.dll+80337|C:\Windows\System32\SHELL32.dll+6724e|C:\Windows\System32\SHLWAPI.dll+e1f7 154100x8000000000000000168833Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.456{D8DCB3A2-A280-60D0-2F10-00000000D001}3780C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 10341000x8000000000000000168864Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.978{D8DCB3A2-4532-60D0-0500-00000000D001}408524C:\Windows\system32\csrss.exe{D8DCB3A2-A281-60D0-3110-00000000D001}3396C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168863Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.978{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A281-60D0-3110-00000000D001}3396C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+36349|c:\windows\system32\rpcss.dll+3bb32|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168862Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.978{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168861Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.978{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168860Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.978{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168859Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.869{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168858Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.869{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168857Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.869{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168856Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.588{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B75140B0610A6D7A70A5D01B26038FF,SHA256=5271FA6A63FAA6466DC5CCF7F4A231E1629661EA947C53270BA86072A939E72D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168855Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.478{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DF775A7E8E63DF0C3A166342B87C53F5,SHA256=A36CC80C94139F393BE8B71D2E216030E6262941498285A664C024DFE0C64F48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168854Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.478{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=013B2AE15F84725E9C5DE45CE9442454,SHA256=F6B050635FDE5F13EA9055FBFDF8A0E67067F34F69F5F5B493A06777B92107F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169113Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.994{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DF775A7E8E63DF0C3A166342B87C53F5,SHA256=A36CC80C94139F393BE8B71D2E216030E6262941498285A664C024DFE0C64F48,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169112Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.978{D8DCB3A2-A280-60D0-3010-00000000D001}38761120C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+121816c|C:\Program Files\Mozilla Firefox\xul.dll+1321541|C:\Program Files\Mozilla Firefox\xul.dll+1f85e1|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+4117c|C:\Program Files\Mozilla Firefox\xul.dll+3f5ef|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169111Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.978{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=99E3F2D711D32708A5340558565AD1E5,SHA256=C277DECCB033004B61883FA72E878A1C7794F5EBC0C35E5998879B6F8C47B370,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169110Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.963{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169109Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.19.71512234C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169108Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.18.70820490C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169107Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.963{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169106Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.17.1185882C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169105Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.15.90127878C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169104Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.16.165603562C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169103Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.14.105353657C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169102Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.20.122210486C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169101Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}38763008C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169100Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}3876\gecko-crash-server-pipe.3876C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169099Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.5604.3.111652418C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169098Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.963{D8DCB3A2-A282-60D0-3410-00000000D001}5604\chrome.5604.3.111652418C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169097Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.963{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169096Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.947{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169095Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.947{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.5604.2.109921930C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169094Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.947{D8DCB3A2-A282-60D0-3410-00000000D001}5604\chrome.5604.2.109921930C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169093Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.947{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.5604.1.10061262C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169092Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.947{D8DCB3A2-A282-60D0-3410-00000000D001}5604\chrome.5604.1.10061262C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169091Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.947{D8DCB3A2-A282-60D0-3410-00000000D001}5604\chrome.5604.0.142768412C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169090Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.947{D8DCB3A2-A282-60D0-3410-00000000D001}5604\chrome.5604.0.142768412C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169089Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169088Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169087Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169086Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+12e2659|C:\Program Files\Mozilla Firefox\xul.dll+29dfb84|C:\Program Files\Mozilla Firefox\xul.dll+12bdf42|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+da22ae|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000169085Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\cubeb-pipe-3876-1C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169084Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\cubeb-pipe-3876-1C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169083Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761120C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+121816c|C:\Program Files\Mozilla Firefox\xul.dll+1321541|C:\Program Files\Mozilla Firefox\xul.dll+1f85e1|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+4117c|C:\Program Files\Mozilla Firefox\xul.dll+3f5ef|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169082Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+12e2659|C:\Program Files\Mozilla Firefox\xul.dll+29dfb84|C:\Program Files\Mozilla Firefox\xul.dll+12bdf42|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+da22ae|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000169081Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\cubeb-pipe-3876-0C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169080Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\cubeb-pipe-3876-0C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169079Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.26.10555678C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169078Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.25.103014797C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169077Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305da1|C:\Program Files\Mozilla Firefox\xul.dll+1866c31|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000169076Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.24.127915752C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169075Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ca1|C:\Program Files\Mozilla Firefox\xul.dll+1866a4e|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000169074Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.23.182595785C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169073Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ba1|C:\Program Files\Mozilla Firefox\xul.dll+1866894|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000169072Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.22.188573075C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169071Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305aa1|C:\Program Files\Mozilla Firefox\xul.dll+18666d5|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000169070Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.21.111821617C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169069Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d4540|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3 10341000x8000000000000000169068Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169067Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169066Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169065Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169064Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169063Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169062Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169061Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169060Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169059Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169058Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169057Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169056Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169055Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+29d41de|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169054Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+29d41d3|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862 10341000x8000000000000000169053Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+29d41d3|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862 10341000x8000000000000000169052Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+29d41d3|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862 10341000x8000000000000000169051Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.916{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+29d4155|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba 10341000x8000000000000000169050Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.916{D8DCB3A2-A280-60D0-3010-00000000D001}38764184C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169049Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.916{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169048Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.916{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169047Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.916{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169046Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.916{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169045Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.916{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169044Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.916{D8DCB3A2-A280-60D0-3010-00000000D001}38764516C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+4325b|C:\Program Files\Mozilla Firefox\firefox.exe+24808|C:\Program Files\Mozilla Firefox\xul.dll+cff80a|C:\Program Files\Mozilla Firefox\xul.dll+12158e4|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169043Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.925{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.20.1222104863\1771910942" -childID 3 -isForBrowser -prefsHandle 2932 -prefMapHandle 2928 -prefsLen 1808 -prefMapSize 232815 -parentBuildID 20210614221319 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 2944 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2LowMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 23542300x8000000000000000169042Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.916{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=348CD1716FDAD4BF93EB4CE2A4317986,SHA256=CD6352ED322B6070BAC668E3B217E7B6DE05FD83C6FA8885E7EE2FC693487725,IMPHASH=00000000000000000000000000000000falsetrue 17141700x8000000000000000169041Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.916{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.20.122210486C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169040Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.900{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169039Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.900{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169038Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.900{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.13.174501231C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169037Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.900{D8DCB3A2-A280-60D0-3010-00000000D001}38763008C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169036Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.900{D8DCB3A2-A280-60D0-3010-00000000D001}3876\gecko-crash-server-pipe.3876C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169035Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.885{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000169034Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.19.71512234C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169033Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.18.70820490C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169032Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305da1|C:\Program Files\Mozilla Firefox\xul.dll+1866c31|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 17141700x8000000000000000169031Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.17.1185882C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169030Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ca1|C:\Program Files\Mozilla Firefox\xul.dll+1866a4e|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 17141700x8000000000000000169029Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.16.165603562C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169028Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ba1|C:\Program Files\Mozilla Firefox\xul.dll+1866894|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 17141700x8000000000000000169027Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.15.90127878C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169026Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305aa1|C:\Program Files\Mozilla Firefox\xul.dll+18666d5|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 17141700x8000000000000000169025Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.14.105353657C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169024Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d4540|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed|C:\Program Files\Mozilla Firefox\xul.dll+3b146d4|C:\Program Files\Mozilla Firefox\xul.dll+1055ba 10341000x8000000000000000169023Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169022Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169021Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169020Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169019Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169018Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169017Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169016Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169015Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169014Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169013Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169012Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169011Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169010Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+29d41de|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed|C:\Program Files\Mozilla Firefox\xul.dll+3b146d4 10341000x8000000000000000169009Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+29d41d3|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed 10341000x8000000000000000169008Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+29d41d3|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed 10341000x8000000000000000169007Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+29d4155|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed|C:\Program Files\Mozilla Firefox\xul.dll+3b146d4|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1076ed 10341000x8000000000000000169006Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38764184C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169005Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.853{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169004Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.853{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169003Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.853{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169002Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.853{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169001Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.853{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169000Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.853{D8DCB3A2-A280-60D0-3010-00000000D001}38764516C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+4325b|C:\Program Files\Mozilla Firefox\firefox.exe+24808|C:\Program Files\Mozilla Firefox\xul.dll+cff80a|C:\Program Files\Mozilla Firefox\xul.dll+12158e4|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168999Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.858{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.13.1745012312\1609852241" -childID 2 -isForBrowser -prefsHandle 2736 -prefMapHandle 2732 -prefsLen 1768 -prefMapSize 232815 -parentBuildID 20210614221319 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 2740 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2LowMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 18141800x8000000000000000168998Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.853{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.12.4022916C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168997Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.853{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.11.155261098C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168996Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.853{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.10.163635055C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168995Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.853{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.8.132935352C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168994Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.853{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.9.176308918C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168993Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.853{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.7.162402058C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168992Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.853{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.2836.3.42085217C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168991Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.853{D8DCB3A2-A282-60D0-3310-00000000D001}2836\chrome.2836.3.42085217C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168990Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.853{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168989Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.853{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000168988Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.838{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.13.174501231C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168987Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.838{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.2836.2.191079763C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168986Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.838{D8DCB3A2-A282-60D0-3310-00000000D001}2836\chrome.2836.2.191079763C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168985Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.838{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.2836.1.168249048C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168984Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.838{D8DCB3A2-A282-60D0-3310-00000000D001}2836\chrome.2836.1.168249048C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168983Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.838{D8DCB3A2-A282-60D0-3310-00000000D001}2836\chrome.2836.0.30736359C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168982Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.838{D8DCB3A2-A282-60D0-3310-00000000D001}2836\chrome.2836.0.30736359C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168981Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.838{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f85e|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f 10341000x8000000000000000168980Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.838{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f837|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f 10341000x8000000000000000168979Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.838{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f80c|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f 10341000x8000000000000000168978Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.838{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168977Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.838{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168976Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.791{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168975Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.775{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000168974Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.775{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.6.15490439C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168973Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.775{D8DCB3A2-A280-60D0-3010-00000000D001}38763008C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000168972Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.775{D8DCB3A2-A280-60D0-3010-00000000D001}3876\gecko-crash-server-pipe.3876C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168971Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.775{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a 10341000x8000000000000000168970Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.775{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2 10341000x8000000000000000168969Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.775{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a 10341000x8000000000000000168968Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.775{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2 10341000x8000000000000000168967Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.775{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 10341000x8000000000000000168966Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.775{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 17141700x8000000000000000168965Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.12.4022916C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168964Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.760{D8DCB3A2-A282-60D0-3210-00000000D001}4768\chrome.4768.0.207667644C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168963Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.760{D8DCB3A2-A282-60D0-3210-00000000D001}4768\chrome.4768.0.207667644C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168962Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.11.155261098C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168961Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305da1|C:\Program Files\Mozilla Firefox\xul.dll+1866c31|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000168960Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.10.163635055C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168959Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ca1|C:\Program Files\Mozilla Firefox\xul.dll+1866a4e|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000168958Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.9.176308918C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168957Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ba1|C:\Program Files\Mozilla Firefox\xul.dll+1866894|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000168956Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.8.132935352C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168955Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305aa1|C:\Program Files\Mozilla Firefox\xul.dll+18666d5|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000168954Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.7.162402058C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168953Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d4540|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3 10341000x8000000000000000168952Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168951Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168950Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168949Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168948Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168947Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168946Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168945Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168944Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168943Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168942Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168941Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168940Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168939Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+29d41de|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000168938Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+29d4155|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba 10341000x8000000000000000168937Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38764184C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168936Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168935Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168934Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168933Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168932Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168931Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38764516C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+4325b|C:\Program Files\Mozilla Firefox\firefox.exe+24808|C:\Program Files\Mozilla Firefox\xul.dll+cff80a|C:\Program Files\Mozilla Firefox\xul.dll+12158e4|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168930Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.749{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.6.154904399\1720219803" -childID 1 -isForBrowser -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 1626 -prefMapSize 232815 -parentBuildID 20210614221319 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 2428 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2LowMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000168929Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.6.15490439C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168928Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f85e|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2d82159|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9 10341000x8000000000000000168927Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f837|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2d82159|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9 10341000x8000000000000000168926Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f80c|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2d82159|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9 18141800x8000000000000000168925Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.5.16402344C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168924Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+130565f|C:\Program Files\Mozilla Firefox\xul.dll+1865196|C:\Program Files\Mozilla Firefox\xul.dll+57ee7f|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2d82159|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7 18141800x8000000000000000168923Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.4.12834345C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168922Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.5.16402344C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168921Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+13054bf|C:\Program Files\Mozilla Firefox\xul.dll+1864ff1|C:\Program Files\Mozilla Firefox\xul.dll+57ee77|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2d82159|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7 17141700x8000000000000000168920Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.4.12834345C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168919Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.3.49702394C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168918Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+130531f|C:\Program Files\Mozilla Firefox\xul.dll+1864dea|C:\Program Files\Mozilla Firefox\xul.dll+57ee6f|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2d82159|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7 17141700x8000000000000000168917Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.3.49702394C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000168916Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.603{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-walMD5=E09136CD6CF3399BBB95A31CBD265C61,SHA256=531A4098C5893297AFB034D906D559C4CADC17FE6F98B541693FF3FEDB510E35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168915Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.603{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmMD5=85DE0B4457ABAAA7F60F8199BE5C5CA4,SHA256=1DCCAAD75A427108F41BC850B80DCAF8E40CDAEBD27E6A148DA5B99380D1637A,IMPHASH=00000000000000000000000000000000falsetrue 18141800x8000000000000000168914Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.588{D8DCB3A2-A282-60D0-3210-00000000D001}4768\chrome.3876.1.206105084C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000168913Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.588{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-journalMD5=E89F02436807848D277A4C41157146CF,SHA256=4F2A9EE33456F9BAAFB9D389663AC08843C9267C1105A474F5F16E36D38B2439,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168912Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.572{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-journalMD5=1C44255CD5640F1D0AC5FF1095ED5D3A,SHA256=14CD3BC82A71A5EB4EB4623EA746D1CBA152652E20EC84BC2F80E97035E8B097,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168911Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.572{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=E22B4234B14644BDB6CB9B7B4009C40B,SHA256=F803AB4E2BFB1DBD0AC64B966AD7E1E6A95044857D7C01BEC9E43F80F927EFFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168910Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.572{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=E1D329C33D0AC1D2C6FAFAE4822CF15B,SHA256=F9E0617B5E636163B002B92ACBE9DF127DB3179C3ECDA4E6A05C646ED7D89B7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168909Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.556{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168908Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.541{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-journalMD5=D3514C970C8403131CA3D6D8173850BD,SHA256=9E475DA3D3D035AC633DE523E7E4ECDDD72BDDAAF7E8E5129A507D666FAA1827,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168907Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.541{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-journalMD5=798FA10B6C03E8A42B2D9AF5493F49BD,SHA256=5F5C6E6D0EF46A85AB09463B04E4C93F3C7DA07C826ECF8BA956A05E633BEF80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168906Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.525{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage.sqlite-journalMD5=2761D64F3DE5F69551A88DC1A0F918E9,SHA256=1B8BB5CEE40C42580ACD3A1D9E2811FE34194D0F0BD049CD1CFB40A3AB3CCDAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168905Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.525{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage.sqlite-journalMD5=4ABECF239732C621CAFF0CBA23131751,SHA256=F53FBD75AE7FFB182CEEB9EBF22D87563F99BC47FEF0245A13C2091A4676E32F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168904Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.510{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage.sqlite-journalMD5=162C5DE6FC9F5EE6BD03A8481BC77EB7,SHA256=B53366718698BB17F83935B1EB4E252ACF408775886318B1A72EFC91DA8F53FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168903Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.510{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\times.jsonMD5=185B1276011382AE5CBFA407B4287324,SHA256=D3630AD452FD3A3E1CFAC4C6FFAE7FB0CE2011F6D2EC0611E8AA5A574881CEB3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168902Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.510{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+1282d98|C:\Program Files\Mozilla Firefox\xul.dll+13053ef|C:\Program Files\Mozilla Firefox\xul.dll+186537b|C:\Program Files\Mozilla Firefox\xul.dll+1863986|C:\Program Files\Mozilla Firefox\xul.dll+1192d84|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000168901Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.510{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.2.3987324C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168900Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.510{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.2.3987324C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168899Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.510{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.1.206105084C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168898Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.338{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168897Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.338{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168896Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.338{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000168895Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.338{D8DCB3A2-A282-60D0-3210-00000000D001}4768\chrome.3876.0.119571099C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168894Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.338{D8DCB3A2-A280-60D0-3010-00000000D001}38763008C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000168893Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.338{D8DCB3A2-A282-60D0-3210-00000000D001}4768\gecko-crash-server-pipe.3876C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168892Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.322{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168891Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.322{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168890Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.306{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168889Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.306{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168888Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.306{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168887Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.306{D8DCB3A2-A280-60D0-3010-00000000D001}38764184C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168886Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.306{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168885Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.306{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168884Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.306{D8DCB3A2-A280-60D0-3010-00000000D001}38764516C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+25e534|C:\Program Files\Mozilla Firefox\xul.dll+1215769|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168883Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.316{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.0.1195710998\695041431" -parentBuildID 20210614221319 -prefsHandle 1792 -prefMapHandle 1612 -prefsLen 1 -prefMapSize 232815 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 1864 gpuC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000168882Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.306{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.0.119571099C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168881Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.306{D8DCB3A2-A280-60D0-3010-00000000D001}3876\gecko-crash-server-pipe.3876C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168880Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.291{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168879Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.291{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168878Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.291{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168877Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.291{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000168876Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.153{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50735-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168875Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.275{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168874Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.119{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\cookies.sqlite-journalMD5=FF05880A6E481192E3D28A68679BC7BC,SHA256=44E55FC44D24D0A05E5BCD1FB68E5E38E1743EFEAE1D170F10EF2BA6A9F596B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168873Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.072{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\permissions.sqlite-journalMD5=A577C86B34B658F4303992B124DBFEFB,SHA256=5FCF229635F3248B648ED2EB07E6477907B83066595F9272E3CC3FC2AE6053C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168872Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.072{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\permissions.sqlite-journalMD5=112CDA8A919322CA5BB0C65F7E0D4B23,SHA256=BCC30C490AA525DA5C2B6573DB75B759CEE225226D005DFC4003F3A7778A2367,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168871Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.056{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\cookies.sqlite-journalMD5=5BC5CEF52D041FB4838CA88E4F08EFEE,SHA256=A9414086BC76EF60913CC4E1283563B7B2F733563FFE20521CB76612D28D8BE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168870Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.041{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\permissions.sqlite-journalMD5=587E0A6D08E5B16812F8D8011FF8AD92,SHA256=0EC0FE36A078D95C7D92ED631114CEFFD6DC375FAC82FC2F06215437D56B6943,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168869Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.041{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\cookies.sqlite-journalMD5=3DE7A15A7461DAFE639C193B10FDE025,SHA256=CEAC376CEBBD5504DDC9BA9931B2F8E830F24DE0AE4707218B741A3CA136B550,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168868Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.041{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A281-60D0-3110-00000000D001}3396C:\Windows\system32\wbem\wmiprvse.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168867Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.025{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A281-60D0-3110-00000000D001}3396C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168866Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.010{D8DCB3A2-4534-60D0-1600-00000000D001}13044984C:\Windows\system32\svchost.exe{D8DCB3A2-A281-60D0-3110-00000000D001}3396C:\Windows\system32\wbem\wmiprvse.exe0x101541C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+20fee|C:\Windows\system32\wbem\wmiprvsd.dll+43f7|C:\Windows\system32\wbem\wmiprvsd.dll+15538|C:\Windows\system32\wbem\wmiprvsd.dll+1498a|C:\Windows\system32\wbem\wmiprvsd.dll+146e6|C:\Windows\system32\wbem\wmiprvsd.dll+140fe|C:\Windows\system32\wbem\wbemcore.dll+b920|C:\Windows\system32\wbem\wbemcore.dll+255ff|C:\Windows\system32\wbem\wbemcore.dll+24a9a|C:\Windows\system32\wbem\wbemcore.dll+2485e|C:\Windows\system32\wbem\wbemcore.dll+2685b|C:\Windows\system32\wbem\wbemcore.dll+22b78|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168865Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.994{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A281-60D0-3110-00000000D001}3396C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169314Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.972{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-walMD5=108D10E9C77EF2DAD7059E8E75B23215,SHA256=B57CCEDDC2A0FC2ECF5EC4946BF4E0C60C963DE81D2D9A959C7E52C81A42362F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169313Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.972{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmMD5=7C67A0FF211594F51BA79914CE50C36A,SHA256=55E60D35759A62B81EEA07B74EF5462D8A55CEE600C6F1184A58102DBB266DD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169312Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.956{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-journalMD5=185B569E04F551FA06DE549A587935DC,SHA256=31E7B86AEF2FA61C0E1BD5287A183D2BD954482552B591E29E18B6345E31A6A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169311Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.953{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-journalMD5=457116A3B48FDD4492A4CBBA6E986A06,SHA256=994524C651638D20FE015ACA8A6EEDC422FC1A12351FECD72700E1AE6CEBBB41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169310Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.934{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-walMD5=879CF757B49C268701DE8EB539924725,SHA256=6E1FD54077FBDCEB1AD5EAE343DF0A524A4B99A4765DBEE68F74C4744C24F86D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169309Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.934{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmMD5=F1788E445C957AD80E427CD190AD3289,SHA256=5A6CB13837B02340ADD40DD3261949AFA45D3AD758DAF2E9BA8DE73C843FD7DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169308Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.919{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\FKT9U7~1.DEF\cert9.db-journalMD5=6BA05C256FF1C53427DFC4D91F9CCDD2,SHA256=9472B79388BEECEF757DC6E6430A676661C023C04A70F8380E1F6370B0914165,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169307Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.919{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-journalMD5=4B5247636AB55AF819221726D2A9ECBD,SHA256=D0A84890BEDE1BC8897E536452E7ED76B775594086971A37206205269EE0B463,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169306Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.903{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-journalMD5=359452B4D29107906FCB466A5F38CF12,SHA256=1276C6914DD51CDE17612DB947D9F4380952EAEC22BB9A633EE76C433F59E77C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169305Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.903{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169304Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.903{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169303Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.872{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169302Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.856{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169301Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.856{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169300Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.856{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169299Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.834{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=B6AFD18F164377453769436D26490730,SHA256=E962085661B9E37B9CEC9C5916FA609AA714C51FF7C4712F16568A3AB3D24A5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169298Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.834{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=4787CFC792277B2C0DB290F30BE0F34A,SHA256=AC91C330F93BDC0D52B6DEB308A6AB9342495D52C0B17937336DFDD69E41729F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169297Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.819{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169296Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.819{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169295Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.819{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169294Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.772{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169293Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.772{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169292Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.772{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 23542300x8000000000000000169291Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.772{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=2C0D6DF2EDCF81E3B77FD99AB04069D9,SHA256=AB26CAEA16A1837FE561F3627C26B2AD2DCA231285298F867DD3473D4D79BAA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169290Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.772{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=2A2E1B7384807A6B902052F2B87495E8,SHA256=B6FD1FC013B916731749A7812A693B7D0BA1CF04E052F358E8F081B1CBEA92BD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169289Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.756{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169288Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.756{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169287Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.756{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 23542300x8000000000000000169286Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.756{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=9F794F5E30C8CAA69235462E0C69A52F,SHA256=014CC3157EA1DACFD2C8184114F544D7AF51C452DCC2D5B7172611F5331CC37C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169285Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.754{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=2126E9B430728CFB52FDF8120A7F1E3E,SHA256=743EED1A2DE250D2F74FB33512CDAF44CC2E51C2274D264888A69C2576FDDA4D,IMPHASH=00000000000000000000000000000000falsetrue 18141800x8000000000000000169284Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.703{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.2836.4.112602582C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169283Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:27.703{D8DCB3A2-A282-60D0-3310-00000000D001}2836\chrome.2836.4.112602582C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169282Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.688{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169281Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.688{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169280Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.688{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 23542300x8000000000000000169279Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.688{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169278Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.672{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169277Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.672{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169276Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.672{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=A06CFEAA01CD92FE10A6DAB36CF452BF,SHA256=339F5932D6F2D67656EF3AAA5910AB079D877662C5632868FF0CF8EC0FCFFA5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169275Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.672{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=5A4267DE0DC607975AA69203A785F71A,SHA256=FDC7143A1B42109F578158A52270539514B61A4E5DACAFC2CFF5674B1C36772C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169274Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.672{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169273Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.656{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65 10341000x8000000000000000169272Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.656{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d 23542300x8000000000000000169271Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.619{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=734F55B097AF73F79D413D76E21ECBFF,SHA256=DADD7EBEC9FB53D1441C579488F799D29A4391F182707CF73DC9DBABFE9B1EB4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169270Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.619{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2e6ae4|C:\Program Files\Mozilla Firefox\xul.dll+46bedce|UNKNOWN(000000C0F2E64AE0) 10341000x8000000000000000169269Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.619{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2e6ae4|C:\Program Files\Mozilla Firefox\xul.dll+46bedce|UNKNOWN(000000C0F2E64AE0) 10341000x8000000000000000169268Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.619{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2e6ae4|C:\Program Files\Mozilla Firefox\xul.dll+46bedce|UNKNOWN(000000C0F2E64AE0) 23542300x8000000000000000169267Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.603{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\FKT9U7~1.DEF\cert9.db-journalMD5=6B463F5DEF50B33E26D958C50D534BD8,SHA256=0EF1ECA1566FB3E603E2FBC25893B388E30164E42E2D2151034F37CB88137558,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169266Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.603{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-walMD5=21FF0C5E6CF36E44E44DC1B9F66D025E,SHA256=89CEC6BA70F6A88E7F70B39D15CA31BBD099C5E06EC34E6D9D02F535C8DF7D19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169265Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.603{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=637B9ABF16333818FE02DF028D4658DC,SHA256=8DDA1D8A2C4D688379D6EB969106304E6FFAF740D14E5695572F4FAA8DAD663A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169264Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.603{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169263Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.603{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169262Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.603{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 23542300x8000000000000000169261Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.588{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-journalMD5=3C3DDA258D2E8DDF2A4E7DE7583A67A2,SHA256=7DD53C38BA463C17D121BFCFE8A839F7695E875936799A534C0E106041E14E5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169260Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.588{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-journalMD5=10094A0EB1A9CE5AB07739FFABCC43C0,SHA256=E115B9FE55C8AAA2A7858D245EDDB047706607202DD35C54BA7B80FEE8C053DF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169259Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.572{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 23542300x8000000000000000169258Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.572{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-walMD5=1632F3E5AC567324954ACDD329C25087,SHA256=13756008689077293D553DA6905A4E876A741D0AA82BA6CF3802FF9294FA2977,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169257Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.572{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmMD5=999B0DD5239D496300028691C18EA680,SHA256=219B0729E4522C3D0BD27C6734D2CDB797025350F17E55400C84166813842232,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169256Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.572{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 23542300x8000000000000000169255Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.572{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F29B7AD7A595BD5850AE9C2C6056FD6B,SHA256=425869BA0C7D42F84247B1F70C688C14463620C20BC26C2C05B6AEF7593087D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169254Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.556{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-journalMD5=A163169C2835C477FACA63D18B62EDD1,SHA256=F32FE291B2B9C29E4C869119E0820BEBBD2D6DE6623CC2BB095EFFE0652F3603,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169253Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.553{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-journalMD5=B80233DED4F8A1B10EB395BDAEA5A10F,SHA256=47AC77DEF6EC7AD45C93F1E4353D8C974037225CFADED0A814996D7A2ECFEA8B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169252Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169251Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169250Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169249Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169248Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169247Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169246Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d8e0d7|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df 10341000x8000000000000000169245Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169244Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 10341000x8000000000000000169243Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169242Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169241Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169240Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.503{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d1f3d|C:\Program Files\Mozilla Firefox\xul.dll+29d3764|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed|C:\Program Files\Mozilla Firefox\xul.dll+3b146d4|C:\Program Files\Mozilla Firefox\xul.dll+1055ba 18141800x8000000000000000169239Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.503{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.5604.4.211645070C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169238Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:27.503{D8DCB3A2-A282-60D0-3410-00000000D001}5604\chrome.5604.4.211645070C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169237Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.488{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169236Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.488{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169235Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.472{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169234Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.472{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169233Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.472{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\content-prefs.sqlite-journalMD5=6602149E6FAD56431075203DDB013E51,SHA256=47B0DE4CE7BDB831C7F2649E8D86FBEABB2B68637EA80ED1F3C60D3D79630891,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169232Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.472{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F7B93837B4E3C728C32FF76BD26DBF8,SHA256=2FFF99250875CA9DB87A528C6BFE6F2756F98B3BE42544C7CCC7A551DD2FFC10,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169231Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.472{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169230Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.472{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169229Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.456{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169228Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.456{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\default\moz-extension+++6252efcf-af51-4ea7-8374-6bbe359bab3c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-walMD5=9712AA36C990EA0107E395D9BD8A01B5,SHA256=FC06F01F51A8C50B5ADD55293AF6833665C6E3CDC88BFB7C2C4AF64F11FE02E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169227Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.456{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\default\moz-extension+++6252efcf-af51-4ea7-8374-6bbe359bab3c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-shmMD5=E772DCD880EF3B35EE7AD0BC2877258A,SHA256=802329F2FD84B7AF600EAE0AA1C2A817621A0C70B7267C484EF2C4230D0FA232,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169226Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.456{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169225Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.456{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169224Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.454{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169223Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.454{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169222Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.452{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169221Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.435{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169220Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.435{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=D441D700E0154951F252E00D044848AD,SHA256=DEF79DB29DF2C7FEE38485F287CAA055F6D975B2F81849092405B2221F8D7ACF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169219Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.435{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169218Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.435{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=9A1492C77E9A2F86E5A198C0EAB2804E,SHA256=8DB13D2BD0AB4864C1C366A73EF4251472296A01211B548C5D8627CFFDBBF268,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169217Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.404{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d79c0|C:\Program Files\Mozilla Firefox\xul.dll+29b168e|C:\Program Files\Mozilla Firefox\xul.dll+1a716e6|C:\Program Files\Mozilla Firefox\xul.dll+4d41c2|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+20a5a9|C:\Program Files\Mozilla Firefox\xul.dll+2df3052|C:\Program Files\Mozilla Firefox\xul.dll+84609b|C:\Program Files\Mozilla Firefox\xul.dll+1e5c61|C:\Program Files\Mozilla Firefox\xul.dll+37f3ca2|C:\Program Files\Mozilla Firefox\xul.dll+198566b|C:\Program Files\Mozilla Firefox\xul.dll+1987d4b|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 23542300x8000000000000000169216Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169215Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\extensions.jsonMD5=70346B8582B24BBC49D06F831341E859,SHA256=35357F1D0555882EA74E90A2BDEC37F8E9953E24DA999014EEF87D7EB55333F1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169214Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16dd504|C:\Program Files\Mozilla Firefox\xul.dll+16dd3f3|C:\Program Files\Mozilla Firefox\xul.dll+178fb6f|C:\Program Files\Mozilla Firefox\xul.dll+178f3bc|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+733f4c|C:\Program Files\Mozilla Firefox\xul.dll+22380ad|C:\Program Files\Mozilla Firefox\xul.dll+1de63f0|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+3cc9fa|C:\Program Files\Mozilla Firefox\xul.dll+6eef2e|C:\Program Files\Mozilla Firefox\xul.dll+7741cd 10341000x8000000000000000169213Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+17e7660|C:\Program Files\Mozilla Firefox\xul.dll+16998f0|C:\Program Files\Mozilla Firefox\xul.dll+16985f4|C:\Program Files\Mozilla Firefox\xul.dll+1698524|C:\Program Files\Mozilla Firefox\xul.dll+682381|C:\Program Files\Mozilla Firefox\xul.dll+68167b|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+16904e1|C:\Program Files\Mozilla Firefox\xul.dll+179098d|C:\Program Files\Mozilla Firefox\xul.dll+222a510|C:\Program Files\Mozilla Firefox\xul.dll+222a017|C:\Program Files\Mozilla Firefox\xul.dll+2237d7d|C:\Program Files\Mozilla Firefox\xul.dll+1de63f0|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169212Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+16904e1|C:\Program Files\Mozilla Firefox\xul.dll+179098d|C:\Program Files\Mozilla Firefox\xul.dll+222a510|C:\Program Files\Mozilla Firefox\xul.dll+222a017|C:\Program Files\Mozilla Firefox\xul.dll+2237d7d|C:\Program Files\Mozilla Firefox\xul.dll+1de63f0|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+3cc9fa 10341000x8000000000000000169211Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+12b6022|C:\Program Files\Mozilla Firefox\xul.dll+29ee0e5|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169210Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169209Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169208Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169207Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169206Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169205Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169204Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169203Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169202Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169201Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169200Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169199Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169198Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.357{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169197Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.353{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169196Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.335{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169195Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.335{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169194Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.319{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000169193Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.916{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcpfalsefalse127.0.0.1-50737-false127.0.0.1-50736- 354300x8000000000000000169192Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.916{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse127.0.0.1-50737-false127.0.0.1-50736- 23542300x8000000000000000169191Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.288{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\favicons.sqlite-walMD5=040676C983A7154AD92111F9F3F1C412,SHA256=4693226A4BC70334926BFF47C79F21D29795CF4325AE83097843238DA71D7487,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169190Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.288{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\favicons.sqlite-shmMD5=0ECF7DBB2342D989C8A88473090E4D02,SHA256=6AB42A8FFC43BF41990FD405F5184FC60B387A87F981679E94900DC30484B947,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169189Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.288{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\favicons.sqlite-journalMD5=BB539596E7788EEED7BDEE1725BCC09D,SHA256=39EC1B8B3F18AA60C3A60FAB777A71F29CC2DE69F31A26A4CDE2E78AF21A8985,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169188Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.288{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=EA4A2C5F70B73069A662C93C9128A105,SHA256=DD0827226566BE8A1464683800BC23AC0C19533DE9347F3B3B53EB40FD37B140,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169187Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.272{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=E25360C90142934DEDF68A3F4328BAD0,SHA256=E4E1730C061AB5478431C47272126E0F626A5387E08486EBAAA73C87ED607A85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169186Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.272{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\favicons.sqlite-journalMD5=F8AB23AC9011795281D4348A26F7F1F7,SHA256=9A31BBCA4971BAF76869B95E59E50773FB117D01C1F640DDEEDC85DD0AA54675,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169185Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.272{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169184Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.272{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169183Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.272{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=970D1300074A8712875948BDEDA1984A,SHA256=ED78CB3C299C87FD3A2B442C27642198586F0756CA307307FD763E4B75FF4ABE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169182Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.272{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=42CAE9D268EF01835D4C092C12BEFEBA,SHA256=4621A0F3A1BEEE9956BF07BF76E98C8CF8574D055F1D311E4F077570D85D28C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169181Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.272{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA4931303538D00F00208C8C350C26FD,SHA256=5FA7EC9BAC78F1C58EA2B6E9BA4614DF018BCBCBC0D032CE035230DC4373E3AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169180Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.257{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\places.sqlite-journalMD5=2FBBBAD4840B48E85970F4A8FF715217,SHA256=44E4F3C84F59348570FF5F1D3CC40ADDB5B59D8909F5CBE23E593C7085832B31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169179Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.257{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\default\moz-extension+++6252efcf-af51-4ea7-8374-6bbe359bab3c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-walMD5=C46F3406BD92B2100BB911ED2FB76CA7,SHA256=CE7A32D4BF13F560CC466B7752D421524C902B93065B4FF975DD4D7CFE9B6295,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169178Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.257{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\default\moz-extension+++6252efcf-af51-4ea7-8374-6bbe359bab3c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-shmMD5=535CE42E475C448D65D3ED87350003BC,SHA256=79BFFC839B5683DF7810F85D476BAAA2EDF654264B91FD8D8E2FCC36C0CAAC45,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169177Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.257{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169176Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.235{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\default\moz-extension+++6252efcf-af51-4ea7-8374-6bbe359bab3c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-journalMD5=6677043E1F5C6C1A8CFE31D1F1688A73,SHA256=3A96ABD3BDB261AD3662F97F058C9839922B5E13A823D0ADE45053E96713C29A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169175Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.235{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\default\moz-extension+++6252efcf-af51-4ea7-8374-6bbe359bab3c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-journalMD5=7A62A899B3E4DF6D110696C87B2ADE09,SHA256=68FF1D6F49650A469C79CF0C08D17454E47B7359769B51B33A0B83CE0FD2B515,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169174Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169173Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\webappsstore.sqlite-journalMD5=D015698D97667FB206314709CE3FDC86,SHA256=2EA041A12B4F25101B47FBD6AEE34056A76A78E3379E2287ADCAA4207A6E7043,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169172Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f85e|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2c8387f|C:\Program Files\Mozilla Firefox\xul.dll+2c80a8c|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF803B205B8C8)|UNKNOWN(FFFF804DE06B4A68)|UNKNOWN(FFFF804DE06A8C58)|UNKNOWN(FFFF804DE06A88DD)|UNKNOWN(FFFFF803B1D72E03)|C:\Windows\System32\win32u.dll+1764|C:\Windows\System32\USER32.dll+11baf|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee 10341000x8000000000000000169171Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f837|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2c8387f|C:\Program Files\Mozilla Firefox\xul.dll+2c80a8c|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF803B205B8C8)|UNKNOWN(FFFF804DE06B4A68)|UNKNOWN(FFFF804DE06A8C58)|UNKNOWN(FFFF804DE06A88DD)|UNKNOWN(FFFFF803B1D72E03)|C:\Windows\System32\win32u.dll+1764|C:\Windows\System32\USER32.dll+11baf|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee 10341000x8000000000000000169170Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f80c|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2c8387f|C:\Program Files\Mozilla Firefox\xul.dll+2c80a8c|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF803B205B8C8)|UNKNOWN(FFFF804DE06B4A68)|UNKNOWN(FFFF804DE06A8C58)|UNKNOWN(FFFF804DE06A88DD)|UNKNOWN(FFFFF803B1D72E03)|C:\Windows\System32\win32u.dll+1764|C:\Windows\System32\USER32.dll+11baf|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee 10341000x8000000000000000169169Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169168Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169167Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169166Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f85e|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2df4450|C:\Program Files\Mozilla Firefox\xul.dll+37af281|C:\Program Files\Mozilla Firefox\xul.dll+37aedf2|C:\Program Files\Mozilla Firefox\xul.dll+151bb3c|C:\Program Files\Mozilla Firefox\xul.dll+151b5be|C:\Program Files\Mozilla Firefox\xul.dll+252dca|C:\Program Files\Mozilla Firefox\xul.dll+288621|C:\Program Files\Mozilla Firefox\xul.dll+e59810 10341000x8000000000000000169165Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f837|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2df4450|C:\Program Files\Mozilla Firefox\xul.dll+37af281|C:\Program Files\Mozilla Firefox\xul.dll+37aedf2|C:\Program Files\Mozilla Firefox\xul.dll+151bb3c|C:\Program Files\Mozilla Firefox\xul.dll+151b5be|C:\Program Files\Mozilla Firefox\xul.dll+252dca|C:\Program Files\Mozilla Firefox\xul.dll+288621|C:\Program Files\Mozilla Firefox\xul.dll+e59810 10341000x8000000000000000169164Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f80c|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2df4450|C:\Program Files\Mozilla Firefox\xul.dll+37af281|C:\Program Files\Mozilla Firefox\xul.dll+37aedf2|C:\Program Files\Mozilla Firefox\xul.dll+151bb3c|C:\Program Files\Mozilla Firefox\xul.dll+151b5be|C:\Program Files\Mozilla Firefox\xul.dll+252dca|C:\Program Files\Mozilla Firefox\xul.dll+288621|C:\Program Files\Mozilla Firefox\xul.dll+e59810 23542300x8000000000000000169163Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage.sqlite-journalMD5=22105E7CBCF34A40523F0E809571E28B,SHA256=0BA5F272F138642EAD00C0AC66DA170D44538AAD53DCD8F0730D3C92FD15461E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169162Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.204{D8DCB3A2-A280-60D0-3010-00000000D001}38761120C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+121816c|C:\Program Files\Mozilla Firefox\xul.dll+1321541|C:\Program Files\Mozilla Firefox\xul.dll+1f85e1|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+4117c|C:\Program Files\Mozilla Firefox\xul.dll+3f5ef|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169161Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.204{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+12e2659|C:\Program Files\Mozilla Firefox\xul.dll+29dfb84|C:\Program Files\Mozilla Firefox\xul.dll+12bdf42|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+da22ae|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000169160Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.204{D8DCB3A2-A280-60D0-3010-00000000D001}3876\cubeb-pipe-3876-2C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169159Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:27.204{D8DCB3A2-A280-60D0-3010-00000000D001}3876\cubeb-pipe-3876-2C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169158Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.188{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169157Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169156Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169155Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169154Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169153Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169152Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169151Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169150Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169149Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+17a392|UNKNOWN(000000C0F2E63DFF) 10341000x8000000000000000169148Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+17a392|UNKNOWN(000000C0F2E63DFF) 10341000x8000000000000000169147Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+17a392|UNKNOWN(000000C0F2E63DFF) 10341000x8000000000000000169146Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.157{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+f722a|C:\Program Files\Mozilla Firefox\xul.dll+3b429f8|C:\Program Files\Mozilla Firefox\xul.dll+147941|C:\Program Files\Mozilla Firefox\xul.dll+147898|C:\Program Files\Mozilla Firefox\xul.dll+146c2ee|C:\Program Files\Mozilla Firefox\xul.dll+13f72f|C:\Program Files\Mozilla Firefox\xul.dll+199f0a1|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+150682|C:\Program Files\Mozilla Firefox\xul.dll+3c3440c|C:\Program Files\Mozilla Firefox\xul.dll+3b256af|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+14a4c90 10341000x8000000000000000169145Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.157{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+f722a|C:\Program Files\Mozilla Firefox\xul.dll+3b429f8|C:\Program Files\Mozilla Firefox\xul.dll+147941|C:\Program Files\Mozilla Firefox\xul.dll+147898|C:\Program Files\Mozilla Firefox\xul.dll+146c2ee|C:\Program Files\Mozilla Firefox\xul.dll+13f72f|C:\Program Files\Mozilla Firefox\xul.dll+199f0a1|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+150682|C:\Program Files\Mozilla Firefox\xul.dll+3c3440c|C:\Program Files\Mozilla Firefox\xul.dll+3b256af|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+14a4c90 10341000x8000000000000000169144Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.157{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+f722a|C:\Program Files\Mozilla Firefox\xul.dll+3b429f8|C:\Program Files\Mozilla Firefox\xul.dll+147941|C:\Program Files\Mozilla Firefox\xul.dll+147898|C:\Program Files\Mozilla Firefox\xul.dll+146c2ee|C:\Program Files\Mozilla Firefox\xul.dll+13f72f|C:\Program Files\Mozilla Firefox\xul.dll+199f0a1|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+150682|C:\Program Files\Mozilla Firefox\xul.dll+3c3440c|C:\Program Files\Mozilla Firefox\xul.dll+3b256af|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+14a4c90 23542300x8000000000000000169143Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.135{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\FKT9U7~1.DEF\key4.db-journalMD5=A4B7A2CA7D4224DE87B55007A0B8C8C7,SHA256=3A6B3B68DEE6416E5E0558655FF4AA2871ABF9DD59B1D11623F9D4B6575828DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169142Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.135{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\FKT9U7~1.DEF\key4.db-journalMD5=A69C9348DCAE4A91A54AFC75819248AE,SHA256=B9958B84037DDFCF6E568CC2F35F41309CB3B21C48D3B0DB81020062478DF931,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169141Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.119{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\FKT9U7~1.DEF\cert9.db-journalMD5=B888C5E6D6522E7E6A3AE5FF5F79CED8,SHA256=DAB800F25A0C7458701146C64589F41049E3C713A373F77A5E6B08D79AE8A811,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000169140Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.088{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\FKT9U7~1.DEF\pkcs11.txt2021-06-21 14:30:27.088 23542300x8000000000000000169139Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.057{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDC3864375AE0075A522A6F35C960103,SHA256=BD0F7575EE2E9BDC5BBD22909C033CB6B63B9B28E18E74BAB2959092A6A6DD6D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169138Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.048{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2bbef01|C:\Program Files\Mozilla Firefox\xul.dll+2bbee09|C:\Program Files\Mozilla Firefox\xul.dll+2c83ac5|C:\Program Files\Mozilla Firefox\xul.dll+2c80a8c|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084 10341000x8000000000000000169137Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.045{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 10341000x8000000000000000169136Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.043{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565796C:\Windows\Explorer.EXE{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169135Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.025{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.26.10555678C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169134Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.025{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.25.103014797C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169133Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.025{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.24.127915752C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169132Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.025{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.22.188573075C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169131Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.025{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.23.182595785C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169130Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.025{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.21.111821617C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169129Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.025{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169128Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.025{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169127Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.025{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169126Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.025{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169125Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.025{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.4564.3.128053753C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169124Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:27.025{D8DCB3A2-A282-60D0-3510-00000000D001}4564\chrome.4564.3.128053753C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169123Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.025{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169122Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.010{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169121Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.010{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.4564.2.74883394C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169120Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:27.010{D8DCB3A2-A282-60D0-3510-00000000D001}4564\chrome.4564.2.74883394C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169119Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.010{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.4564.1.214720471C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169118Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:27.010{D8DCB3A2-A282-60D0-3510-00000000D001}4564\chrome.4564.1.214720471C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169117Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.010{D8DCB3A2-A282-60D0-3510-00000000D001}4564\chrome.4564.0.62768067C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169116Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:27.010{D8DCB3A2-A282-60D0-3510-00000000D001}4564\chrome.4564.0.62768067C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169115Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.010{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169114Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.010{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169479Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.971{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169478Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.933{D8DCB3A2-A280-60D0-3010-00000000D001}38765272C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169477Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.933{D8DCB3A2-A280-60D0-3010-00000000D001}38765272C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000169476Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.770{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50747-false143.204.98.36server-143-204-98-36.fra50.r.cloudfront.net443https 354300x8000000000000000169475Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.770{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50118- 354300x8000000000000000169474Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.770{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local63105- 354300x8000000000000000169473Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.770{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local54828- 354300x8000000000000000169472Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.769{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local54650- 354300x8000000000000000169471Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.768{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local51834- 354300x8000000000000000169470Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.741{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50745-false52.13.236.190ec2-52-13-236-190.us-west-2.compute.amazonaws.com443https 354300x8000000000000000169469Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.711{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50743-false44.239.56.69ec2-44-239-56-69.us-west-2.compute.amazonaws.com443https 354300x8000000000000000169468Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.649{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50746-false13.224.195.103server-13-224-195-103.fra2.r.cloudfront.net443https 354300x8000000000000000169467Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.603{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local62958- 354300x8000000000000000169466Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.603{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50744-false13.224.195.103server-13-224-195-103.fra2.r.cloudfront.net443https 354300x8000000000000000169465Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.603{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50219- 354300x8000000000000000169464Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.602{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local56013- 354300x8000000000000000169463Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.600{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local55731- 10341000x8000000000000000169462Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.818{D8DCB3A2-A280-60D0-3010-00000000D001}38765272C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169461Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.802{D8DCB3A2-A280-60D0-3010-00000000D001}38765272C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169460Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.786{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169459Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.771{D8DCB3A2-A280-60D0-3010-00000000D001}38765272C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169458Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.755{D8DCB3A2-A280-60D0-3010-00000000D001}38765272C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169457Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.671{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BCAF23CEB029219D16244B7DF2352264,SHA256=B421377104106055C9CFA9591D799328CC82B6B75E5374AD00989984036CEC2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169456Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.618{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\pending_pings\ddd85381-5bba-43b6-96fe-2cad9e7575a6MD5=1F386DF7026EF383D23C2A1BD5B4A307,SHA256=630B254EAE4A637D32E019994A6D1CB6428110417A33394CB3698D0A9214B75F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169455Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.602{D8DCB3A2-A280-60D0-3010-00000000D001}38765272C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169454Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.602{D8DCB3A2-A280-60D0-3010-00000000D001}38765272C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000169453Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.569{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local62079- 354300x8000000000000000169452Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.569{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local57127- 354300x8000000000000000169451Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.564{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50742-false93.184.220.29-80http 354300x8000000000000000169450Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.562{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local62115- 354300x8000000000000000169449Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.558{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50741-false104.18.165.34-443https 354300x8000000000000000169448Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.558{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50298- 354300x8000000000000000169447Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.557{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local59177- 354300x8000000000000000169446Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.555{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local60935- 354300x8000000000000000169445Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.553{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local64300- 354300x8000000000000000169444Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.336{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50739-false44.236.127.247ec2-44-236-127-247.us-west-2.compute.amazonaws.com443https 23542300x8000000000000000169443Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.455{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169442Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.402{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169441Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.402{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\FKT9U7~1.DEF\cert9.db-journalMD5=22B22C343F4A47D9A4EF5B6A9929C230,SHA256=9BC210BFD9216AACCEDD76E7839E59F58E1509FC90EB2E15FA89D8E06A08A0F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169440Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.371{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E20173173ADBBC69F77258FC45307A13,SHA256=1A98ECFF299E07E5E6F9ABADFC84C6309A7C8588C69851CA6DCD3F46C4CFD8CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169439Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.355{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\search.json.mozlz4MD5=EDC2299EBA84E99AF7C7438ECB7A6CF4,SHA256=CF230F5192B5F53B410CB948B49A0BE09FAD7E80B9125E0D4F348C12C12BC9B2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000169438Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.198{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50740-false34.107.221.8282.221.107.34.bc.googleusercontent.com80http 354300x8000000000000000169437Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.197{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local56892- 354300x8000000000000000169436Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.196{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local59395- 354300x8000000000000000169435Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.194{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50445- 354300x8000000000000000169434Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.194{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local64055- 354300x8000000000000000169433Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.190{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50738-false34.107.221.8282.221.107.34.bc.googleusercontent.com80http 354300x8000000000000000169432Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.189{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50486- 354300x8000000000000000169431Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.189{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local62845- 354300x8000000000000000169430Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.184{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local64454- 18141800x8000000000000000169429Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.287{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.32.40311901C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169428Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.287{D8DCB3A2-A280-60D0-3010-00000000D001}38761120C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+121816c|C:\Program Files\Mozilla Firefox\xul.dll+1321541|C:\Program Files\Mozilla Firefox\xul.dll+1f85e1|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+4117c|C:\Program Files\Mozilla Firefox\xul.dll+3f5ef|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169427Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.287{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12287DCACDE0AA570ABE8EA755A9F012,SHA256=39E21B42AA19044582F5D42F0363CC92BED555D44D01A8C61D229FA2D37D8882,IMPHASH=00000000000000000000000000000000falsetrue 18141800x8000000000000000169426Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.287{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.33.49470356C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169425Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.287{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.31.93323913C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169424Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.271{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.29.149125230C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169423Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.271{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.30.89286921C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169422Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.271{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.28.155369991C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169421Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.271{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169420Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.271{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169419Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.256{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.2060.2.169528068C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169418Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.256{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.2060.1.20204740C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169417Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.256{D8DCB3A2-A284-60D0-3610-00000000D001}2060\chrome.2060.2.169528068C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169416Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.256{D8DCB3A2-A284-60D0-3610-00000000D001}2060\chrome.2060.1.20204740C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169415Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.256{D8DCB3A2-A284-60D0-3610-00000000D001}2060\chrome.2060.0.54304250C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169414Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.256{D8DCB3A2-A284-60D0-3610-00000000D001}2060\chrome.2060.0.54304250C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169413Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.256{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169412Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.256{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169411Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.252{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC62F8ABA3302683E55657AD6EE1410E,SHA256=27F60FC58D88366C8098DACA169763F447D3C58CBFC83CCD6CB046B1407C96CD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169410Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.218{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+12e2659|C:\Program Files\Mozilla Firefox\xul.dll+29dfb84|C:\Program Files\Mozilla Firefox\xul.dll+12bdf42|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+da22ae|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000169409Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.218{D8DCB3A2-A280-60D0-3010-00000000D001}3876\cubeb-pipe-3876-3C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169408Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.218{D8DCB3A2-A280-60D0-3010-00000000D001}3876\cubeb-pipe-3876-3C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169407Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.959{D8DCB3A2-A280-60D0-3010-00000000D001}3876prod-classifyclient.normandy.prod.cloudops.mozgcp.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169406Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.958{D8DCB3A2-A280-60D0-3010-00000000D001}3876prod-classifyclient.normandy.prod.cloudops.mozgcp.net034.98.75.36;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169405Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.785{D8DCB3A2-A280-60D0-3010-00000000D001}3876d2nxq2uap88usk.cloudfront.net02600:9000:21f3:1a00:a:da5e:7900:93a1;2600:9000:21f3:600:a:da5e:7900:93a1;2600:9000:21f3:ae00:a:da5e:7900:93a1;2600:9000:21f3:f600:a:da5e:7900:93a1;2600:9000:21f3:2e00:a:da5e:7900:93a1;2600:9000:21f3:4c00:a:da5e:7900:93a1;2600:9000:21f3:c00:a:da5e:7900:93a1;2600:9000:21f3:7e00:a:da5e:7900:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169404Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.783{D8DCB3A2-A280-60D0-3010-00000000D001}3876firefox.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169403Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.782{D8DCB3A2-A280-60D0-3010-00000000D001}3876firefox.com044.235.246.155;44.236.72.93;44.236.48.31;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169402Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.781{D8DCB3A2-A280-60D0-3010-00000000D001}3876d2nxq2uap88usk.cloudfront.net0143.204.98.30;143.204.98.118;143.204.98.120;143.204.98.36;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169401Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.781{D8DCB3A2-A280-60D0-3010-00000000D001}3876firefox.com0::ffff:44.236.48.31;::ffff:44.235.246.155;::ffff:44.236.72.93;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169400Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.617{D8DCB3A2-A280-60D0-3010-00000000D001}3876pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169399Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.614{D8DCB3A2-A280-60D0-3010-00000000D001}3876pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com034.216.113.46;34.216.18.93;44.239.250.14;52.33.45.66;44.235.28.153;34.215.151.143;54.149.208.57;52.13.236.190;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169398Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.582{D8DCB3A2-A280-60D0-3010-00000000D001}3876accounts.firefox.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169397Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.580{D8DCB3A2-A280-60D0-3010-00000000D001}3876accounts.firefox.com054.187.81.18;34.211.81.19;44.239.56.69;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169396Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.579{D8DCB3A2-A280-60D0-3010-00000000D001}3876accounts.firefox.com0::ffff:44.239.56.69;::ffff:54.187.81.18;::ffff:34.211.81.19;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169395Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.576{D8DCB3A2-A280-60D0-3010-00000000D001}3876cs9.wac.phicdn.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169394Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.574{D8DCB3A2-A280-60D0-3010-00000000D001}3876cs9.wac.phicdn.net093.184.220.29;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169393Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.573{D8DCB3A2-A280-60D0-3010-00000000D001}3876www.mozilla.org.cdn.cloudflare.net02606:4700::6812:a522;2606:4700::6812:a422;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169392Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.569{D8DCB3A2-A280-60D0-3010-00000000D001}3876www.mozilla.org.cdn.cloudflare.net0104.18.164.34;104.18.165.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169391Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.209{D8DCB3A2-A280-60D0-3010-00000000D001}3876example.org0::ffff:93.184.216.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169390Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.209{D8DCB3A2-A280-60D0-3010-00000000D001}3876example.org093.184.216.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169389Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.202{D8DCB3A2-A280-60D0-3010-00000000D001}3876prod.detectportal.prod.cloudops.mozgcp.net02600:1901:0:38d7::;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169388Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.200{D8DCB3A2-A280-60D0-3010-00000000D001}3876prod.detectportal.prod.cloudops.mozgcp.net034.107.221.82;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169387Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.198{D8DCB3A2-A280-60D0-3010-00000000D001}3876detectportal.firefox.com0type: 5 detectportal.prod.mozaws.net;type: 5 prod.detectportal.prod.cloudops.mozgcp.net;::ffff:34.107.221.82;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169386Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.203{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169385Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.203{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169384Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.203{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.27.13442277C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169383Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.203{D8DCB3A2-A280-60D0-3010-00000000D001}38763008C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169382Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.203{D8DCB3A2-A280-60D0-3010-00000000D001}3876\gecko-crash-server-pipe.3876C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000169381Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.171{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169380Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.171{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\FKT9U7~1.DEF\cert9.db-journalMD5=A77576EDDD2F31C885DA4C5F54985DD8,SHA256=07D37E677D28A3F7DB235A2E6829BCA311744E5A95BA003F6299BD5377135466,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169379Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.171{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000169378Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.33.49470356C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169377Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.32.40311901C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169376Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305da1|C:\Program Files\Mozilla Firefox\xul.dll+1866c31|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000169375Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.31.93323913C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169374Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ca1|C:\Program Files\Mozilla Firefox\xul.dll+1866a4e|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000169373Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.30.89286921C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169372Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ba1|C:\Program Files\Mozilla Firefox\xul.dll+1866894|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000169371Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.29.149125230C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169370Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305aa1|C:\Program Files\Mozilla Firefox\xul.dll+18666d5|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000169369Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.28.155369991C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169368Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d4540|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169367Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169366Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169365Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169364Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169363Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169362Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169361Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169360Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169359Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169358Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169357Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169356Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169355Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169354Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+29d41de|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000169353Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+29d4155|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169352Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38764184C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169351Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.152{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169350Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.151{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169349Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.151{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169348Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.151{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169347Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.151{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169346Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.151{D8DCB3A2-A280-60D0-3010-00000000D001}38764516C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+4325b|C:\Program Files\Mozilla Firefox\firefox.exe+24808|C:\Program Files\Mozilla Firefox\xul.dll+cff80a|C:\Program Files\Mozilla Firefox\xul.dll+12158e4|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169345Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.151{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.27.134422773\1824544100" -childID 4 -isForBrowser -prefsHandle 4444 -prefMapHandle 4432 -prefsLen 10575 -prefMapSize 232815 -parentBuildID 20210614221319 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 4448 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2LowMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 23542300x8000000000000000169344Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.134{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\extensions.jsonMD5=5BF43CCE329DD1C8A4A3FB31410B2D83,SHA256=6978797EA909A7150F1D8E8CF65AF8ABA7AA23DB8AD49AD08BFCEB60DECA3AF7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169343Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.134{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169342Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.134{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169341Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.134{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000169340Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.134{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.27.13442277C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169339Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.134{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169338Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.103{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=4D801C6594D034F99784FE7A1CCA23AB,SHA256=AD9C001B76B72BAAA859F2C4E267E803F3209C6CE64FE2F1639CB336BEDB7945,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169337Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.103{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=E14DE9A421584E6D60FC9FEF4F571A15,SHA256=EDF81A8D2BC9A44324036A16C1C8AC80A1AF6881C9DF816B77D1C47CDD30D6C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169336Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.103{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169335Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.103{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=06EC67E65B9771D35BE092AF4181CB61,SHA256=34AE0D505471838A20D772EAE6A071D97B5D76337383ED5B982E302E3E50AC55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169334Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.103{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=50AB2305996402289FAB95496259DADA,SHA256=F44E73D7C799E216E5B6A736EF77F2CB3BED470E5CA67F1242DB40F84D19E531,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169333Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.087{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=50AB2305996402289FAB95496259DADA,SHA256=F44E73D7C799E216E5B6A736EF77F2CB3BED470E5CA67F1242DB40F84D19E531,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169332Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.087{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=468F5EF57F0A3457C14F3B7B82CB4B0A,SHA256=DEB1457B6E326570F373021DDA19DF798C9255D052281BA4BA1E9F2DEA423A93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169331Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.087{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=F2164A616C33F76C4B2E26FD4C2BAB98,SHA256=BDCD29890DBE8857E8DBAB1E39E16D7C9A577CEEEA12CEF6705543E1603BF220,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169330Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=503E05123CEDDE6E52A4174784E01011,SHA256=C4EBAC7FA48FF9E068F0923E7EB685788F454AED71FBB7E8A6C5094E3CA462D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169329Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=2D65A821D8071520427FAC2AE63A548F,SHA256=C8C094A531900A78043E84863A5F5E1C75F3DD93B2E03D83109600B3449A7C99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169328Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=BEF44CECCE7393AFC298F550D84E5CD2,SHA256=D7F4D53C0CADCB36E30197751C5A67D944BA0B8F2BEB8D8FEB68958A62131F51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169327Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\ProgramData\Mozilla\updates\308046B0AF4A39CB\update-config.jsonMD5=FE74F5C38F433736EE7015868CFB159E,SHA256=3F7B3252EF3B6217AD78ADB7007738601CE1EEBCA69F55990B64BF254BD4FC63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169326Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=4F7287DE2A1A90B5E2D49B87C79F864F,SHA256=D6E5F93FE48974FD61ABC3D3A8CC265FCD108FA31DBC8143C703D8AAE8C35E5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169325Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=D511828E4ABAB966E6E0780CD088EF8B,SHA256=E741EA9F3CC01EF523816A2DDCF8597D6F092738D09B82482B13D6DE12F42B47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169324Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=309735B3610ED7E5BE83D2A3DC03F99F,SHA256=C41293CA17F928319C0A829A081E1F07E7A2A9CC81CE076F7147D338BDA0E2A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169323Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=53D2D2770F3AC3A9EC8A08E37AFCDDD3,SHA256=A59F4589F991CEE8DE09C1000384BD3E39D78CD5EC5A0E51614F74555D1E1545,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169322Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=4F208A9A498B576E819C4AC967DCC9D5,SHA256=B4A78BAC4E5BDE5CB51BC2C8F9D3F0CAA84FCF4B9C7C1C9B087D8552B388CAE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169321Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=7E2A1BEBF3B83D01978C16ECC0450781,SHA256=F018A039A5582074C429448ECBB5CC09593D7EB1B6776623E767B98D0CE2D65E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169320Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=66C6CF19B0E6C0EC6C51BC2833BC4DE6,SHA256=2AD920E22BD268C8045FFE3B478984A1BBD3049728BEB9426700B81B81665F88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169319Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=FBD07E487622F16113FE039ED60A7BCC,SHA256=836981C463FD3E96BA9A106A328078CA702A8C55B79617B2DD73E55C0B6949CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169318Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.056{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=14301291C03ED6E855D566BF52029DAA,SHA256=29D80F81AB3E533CC331AD652C10F5FBA0F189CB7A6D62F5DF1566D5A87D3FD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169317Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.056{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=E9A4D52D1B7138F231B1A11A8BB73F1B,SHA256=B7175CF90D9154978828B4C6E69A77140B91F8C9B4607F2F3E6E6101F83F12E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169316Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.056{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=6552D09B62C6DCB33D7F935F4A5AD213,SHA256=AFE060610D134BDA2A71C746AC3BD99E11426BAA1DCDE607522BA6836122EC72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169315Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.056{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=5023A8C15E4F42328E9E43B24F2D7645,SHA256=6BD33005A6172BF70B0FF146F49D4263F51AE8987FAA33766E1A95717FA8ADA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169545Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.970{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8448094CA28D6D08AEE52F9B476F1A6,SHA256=BCC1EA5CE434D6EFD5BD0745F2967BC6576C420EE2FE28A6606DBDA495124259,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000169544Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.687{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50774-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169543Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.669{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50773-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169542Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.656{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50772-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169541Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.636{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50771-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169540Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.623{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50770-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 23542300x8000000000000000169539Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.832{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000169538Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.603{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50769-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169537Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.592{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50768-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169536Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.571{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50767-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169535Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.553{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50766-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169534Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.517{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50765-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169533Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.494{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50764-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169532Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.480{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50763-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169531Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.456{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50762-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169530Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.442{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50761-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169529Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.404{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50760-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169528Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.385{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50759-false13.32.25.77server-13-32-25-77.fra56.r.cloudfront.net443https 23542300x8000000000000000169527Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.386{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\search.json.mozlz4MD5=EDC2299EBA84E99AF7C7438ECB7A6CF4,SHA256=CF230F5192B5F53B410CB948B49A0BE09FAD7E80B9125E0D4F348C12C12BC9B2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000169526Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.343{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local55723- 354300x8000000000000000169525Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.327{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50758-false143.204.93.114server-143-204-93-114.fra50.r.cloudfront.net443https 354300x8000000000000000169524Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.327{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local59073- 354300x8000000000000000169523Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.281{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50757-false143.204.98.4server-143-204-98-4.fra50.r.cloudfront.net443https 354300x8000000000000000169522Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.281{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local55698- 354300x8000000000000000169521Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.280{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local57536- 354300x8000000000000000169520Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.264{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50337- 354300x8000000000000000169519Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.246{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50754-false52.13.236.190ec2-52-13-236-190.us-west-2.compute.amazonaws.com443https 354300x8000000000000000169518Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.238{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50756-false143.204.98.36server-143-204-98-36.fra50.r.cloudfront.net443https 354300x8000000000000000169517Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.172{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50755-false93.184.220.29-80http 354300x8000000000000000169516Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.105{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-61787- 354300x8000000000000000169515Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.105{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-64734- 354300x8000000000000000169514Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.097{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50752-false44.238.3.246ec2-44-238-3-246.us-west-2.compute.amazonaws.com443https 354300x8000000000000000169513Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.096{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50753-false95.101.81.51a95-101-81-51.deploy.static.akamaitechnologies.com80http 354300x8000000000000000169512Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.095{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local56000- 354300x8000000000000000169511Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.092{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local54685- 354300x8000000000000000169510Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.081{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local64883- 354300x8000000000000000169509Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.081{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50505- 354300x8000000000000000169508Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.081{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local63640- 354300x8000000000000000169507Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.081{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local64734- 354300x8000000000000000169506Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.080{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local64817- 354300x8000000000000000169505Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.080{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local61787- 354300x8000000000000000169504Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.079{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local57369- 354300x8000000000000000169503Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.079{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local63441- 354300x8000000000000000169502Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.017{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50749-false54.201.97.206ec2-54-201-97-206.us-west-2.compute.amazonaws.com443https 354300x8000000000000000169501Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.958{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local57821- 354300x8000000000000000169500Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.956{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local58943- 354300x8000000000000000169499Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.947{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50751-false34.98.75.3636.75.98.34.bc.googleusercontent.com443https 23542300x8000000000000000169498Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.255{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BD716658A4C6A2096EE878F35381FC9A,SHA256=8DC61825690460E51D1E629197F054183E3D269A38EB1A099749E0B52CE44275,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000169497Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.369{D8DCB3A2-A280-60D0-3010-00000000D001}3876d1zkz3k4cclnv6.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169496Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.355{D8DCB3A2-A280-60D0-3010-00000000D001}3876d1zkz3k4cclnv6.cloudfront.net013.32.25.82;13.32.25.8;13.32.25.111;13.32.25.77;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169495Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.341{D8DCB3A2-A280-60D0-3010-00000000D001}3876dzlgdtxcws9pb.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169494Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.339{D8DCB3A2-A280-60D0-3010-00000000D001}3876dzlgdtxcws9pb.cloudfront.net0143.204.93.114;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169493Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.338{D8DCB3A2-A280-60D0-3010-00000000D001}3876www.firefox.com0type: 5 fxc-prod.moz.works;type: 5 dzlgdtxcws9pb.cloudfront.net;::ffff:143.204.93.114;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169492Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.113{D8DCB3A2-A280-60D0-3010-00000000D001}3876a1887.dscq.akamai.net02a02:26f0:1700:f::1737:a1a4;2a02:26f0:1700:f::1737:a194;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169491Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.107{D8DCB3A2-A280-60D0-3010-00000000D001}3876a1887.dscq.akamai.net095.101.81.35;95.101.81.51;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169490Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.106{D8DCB3A2-A280-60D0-3010-00000000D001}3876r3.o.lencr.org0type: 5 o.lencr.edgesuite.net;type: 5 a1887.dscq.akamai.net;::ffff:95.101.81.51;::ffff:95.101.81.35;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000169489Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.947{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local62475- 354300x8000000000000000169488Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.946{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local65365- 354300x8000000000000000169487Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.933{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50750-false143.204.205.86server-143-204-205-86.fra53.r.cloudfront.net443https 354300x8000000000000000169486Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.932{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local63950- 354300x8000000000000000169485Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.920{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50748-false44.236.48.31ec2-44-236-48-31.us-west-2.compute.amazonaws.com443https 354300x8000000000000000169484Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.878{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local58401- 354300x8000000000000000169483Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.875{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local54708- 10341000x8000000000000000169482Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.086{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 10341000x8000000000000000169481Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.086{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 10341000x8000000000000000169480Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.053{D8DCB3A2-A280-60D0-3010-00000000D001}38765272C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169641Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.947{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=423C461183E48B11F424BBA9FADF19C9,SHA256=2169394CE9189B7FDA2134B4A5CBFEDE66D2D57E5A46200DD733F29A1B081209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169640Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.786{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=FE86E56DFF9C8FAF89E9AD747328AC11,SHA256=5C568F9A42D021CEC9143132300BF2B494BC779226F99F81B02299D7F9F8FA31,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169639Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.669{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169638Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.669{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A286-60D0-3B10-00000000D001}4460C:\Program Files\Mozilla Firefox\pingsender.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169637Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.669{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A286-60D0-3B10-00000000D001}4460C:\Program Files\Mozilla Firefox\pingsender.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169636Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.654{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169635Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.634{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A286-60D0-3C10-00000000D001}4116C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169634Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.634{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A286-60D0-3C10-00000000D001}4116C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169633Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.634{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A286-60D0-3910-00000000D001}2712C:\Program Files\Mozilla Firefox\pingsender.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169632Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.634{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A286-60D0-3910-00000000D001}2712C:\Program Files\Mozilla Firefox\pingsender.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169631Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.634{D8DCB3A2-A286-60D0-3C10-00000000D001}41164852C:\Windows\system32\conhost.exe{D8DCB3A2-A286-60D0-3B10-00000000D001}4460C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169630Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A286-60D0-3C10-00000000D001}4116C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x8000000000000000169629Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\aborted-session-pingMD5=5E72C68A8925637FFFE5C5EA9AC5C646,SHA256=8211E8C760490330128430035A92E26CBC2FA069CA5E40947F3D5B38B335BBA0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169628Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169627Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169626Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169625Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169624Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169623Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A286-60D0-3B10-00000000D001}4460C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169622Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A286-60D0-3B10-00000000D001}4460C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+dacfbf|C:\Program Files\Mozilla Firefox\xul.dll+dacdd5|C:\Program Files\Mozilla Firefox\xul.dll+dace21|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+3be061b|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3cc9fa|C:\Program Files\Mozilla Firefox\xul.dll+1b88c0e|C:\Program Files\Mozilla Firefox\xul.dll+d2773b|C:\Program Files\Mozilla Firefox\xul.dll+3ca586|C:\Program Files\Mozilla Firefox\xul.dll+4046a|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3 154100x8000000000000000169621Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.626{D8DCB3A2-A286-60D0-3B10-00000000D001}4460C:\Program Files\Mozilla Firefox\pingsender.exe89.0.1-FirefoxMozilla Foundationpingsender.exe"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/7bd79f12-644d-433b-8bff-c2f2ad0fb4fc/first-shutdown/Firefox/89.0.1/release/20210614221319?v=4 C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\saved-telemetry-pings\7bd79f12-644d-433b-8bff-c2f2ad0fb4fcC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=33D6759C45A7DB0673D0D5E5F75012AC,SHA256=0815D2E94B8F61F13B73CA541F837267DF29DE4D5BC3E882A751155D4057F1E9,IMPHASH=AF27FA7223A9B6FE80447A0E6715E632{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000169620Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A286-60D0-3A10-00000000D001}4896C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169619Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A286-60D0-3A10-00000000D001}4896C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169618Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.602{D8DCB3A2-A286-60D0-3A10-00000000D001}48965536C:\Windows\system32\conhost.exe{D8DCB3A2-A286-60D0-3910-00000000D001}2712C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169617Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.602{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A286-60D0-3A10-00000000D001}4896C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x8000000000000000169616Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.602{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04CD79BF402035104DE05DD93F3EFC0D,SHA256=A3A41917FBA17DA3EE56433E9E4AAFCD380697B597C02524AF4C8F1CA86FC198,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169615Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.587{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169614Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.587{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169613Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.587{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169612Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.587{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A286-60D0-3910-00000000D001}2712C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169611Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.587{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169610Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.587{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A286-60D0-3910-00000000D001}2712C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+dacfbf|C:\Program Files\Mozilla Firefox\xul.dll+dacdd5|C:\Program Files\Mozilla Firefox\xul.dll+dace21|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+3be061b|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3cc9fa|C:\Program Files\Mozilla Firefox\xul.dll+1b88c0e|C:\Program Files\Mozilla Firefox\xul.dll+d2773b|C:\Program Files\Mozilla Firefox\xul.dll+3ca586|C:\Program Files\Mozilla Firefox\xul.dll+4046a|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3 154100x8000000000000000169609Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.599{D8DCB3A2-A286-60D0-3910-00000000D001}2712C:\Program Files\Mozilla Firefox\pingsender.exe89.0.1-FirefoxMozilla Foundationpingsender.exe"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/a5e30cc9-60f4-4342-9ad5-4ae59e602743/event/Firefox/89.0.1/release/20210614221319?v=4 C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\saved-telemetry-pings\a5e30cc9-60f4-4342-9ad5-4ae59e602743C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=33D6759C45A7DB0673D0D5E5F75012AC,SHA256=0815D2E94B8F61F13B73CA541F837267DF29DE4D5BC3E882A751155D4057F1E9,IMPHASH=AF27FA7223A9B6FE80447A0E6715E632{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000169608Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.587{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A286-60D0-3710-00000000D001}4020C:\Program Files\Mozilla Firefox\pingsender.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169607Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.587{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A286-60D0-3710-00000000D001}4020C:\Program Files\Mozilla Firefox\pingsender.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169606Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.572{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A286-60D0-3810-00000000D001}2924C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169605Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.555{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A286-60D0-3810-00000000D001}2924C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169604Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.555{D8DCB3A2-A286-60D0-3810-00000000D001}29242596C:\Windows\system32\conhost.exe{D8DCB3A2-A286-60D0-3710-00000000D001}4020C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169603Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.555{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A286-60D0-3810-00000000D001}2924C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x8000000000000000169602Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.555{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\session-state.jsonMD5=9817034E7557012220CFB5729B83C10B,SHA256=8E9A6D2A630A89F5579C1B51678CC14E25B237136FE80EFD3845A26B36C59692,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169601Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.532{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169600Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.532{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169599Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.532{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A286-60D0-3710-00000000D001}4020C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169598Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.532{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169597Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.532{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169596Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.532{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A286-60D0-3710-00000000D001}4020C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+dacfbf|C:\Program Files\Mozilla Firefox\xul.dll+dacdd5|C:\Program Files\Mozilla Firefox\xul.dll+dace21|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+3be061b|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3cc9fa|C:\Program Files\Mozilla Firefox\xul.dll+1b88c0e|C:\Program Files\Mozilla Firefox\xul.dll+d2773b|C:\Program Files\Mozilla Firefox\xul.dll+3ca586|C:\Program Files\Mozilla Firefox\xul.dll+4046a|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3 154100x8000000000000000169595Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.545{D8DCB3A2-A286-60D0-3710-00000000D001}4020C:\Program Files\Mozilla Firefox\pingsender.exe89.0.1-FirefoxMozilla Foundationpingsender.exe"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/15b93bab-cb60-4657-b0e0-e129a01f12db/new-profile/Firefox/89.0.1/release/20210614221319?v=4 C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\saved-telemetry-pings\15b93bab-cb60-4657-b0e0-e129a01f12dbC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=33D6759C45A7DB0673D0D5E5F75012AC,SHA256=0815D2E94B8F61F13B73CA541F837267DF29DE4D5BC3E882A751155D4057F1E9,IMPHASH=AF27FA7223A9B6FE80447A0E6715E632{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 23542300x8000000000000000169594Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.485{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage.sqlite-journalMD5=12B59BD84BFBC315FD271BD2F958732C,SHA256=72A19CC1E414F39C95A125B5C7F18EDB751C472632DE3B92D7ACEF057750FAD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169593Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.470{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-walMD5=6D05279C979F9BDD02EC1C80067EFD62,SHA256=AF873CB9C1AF9EEAAFCC33A21743DAFE276FF11E97AAC7210B34ABC3488866FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169592Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.470{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=CA19BDBAC1DB10B7FA83E9B60AE9DB3F,SHA256=02CAC473B76607F195ED1FD967A8B9AC315159E2A989BE124BDD4662FA6C4D4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169591Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.470{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-walMD5=5F0A0E5E8C08C86815B4CB248408B05A,SHA256=1149E65AF4F2C71C98DF3DE11E4B4D9DD19FA528825817E72C8AC10E6632BA4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169590Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.470{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmMD5=D4E134D142A56B832740AA8B7E29C30B,SHA256=9509ABAED9B548EE3898555C132BD84562B8FB54C55E40C2A3A51D5C79549849,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169589Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.470{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-walMD5=17E505145A96B1F7B088252871999740,SHA256=F8F360775B9661C25FB63744F32A38E7797541AC903D82F6A757E5E38A470143,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169588Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.470{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmMD5=5D076F7AA7536C1875335677E9241122,SHA256=21C20783380B1DF34F103BF86F3C82A91FF25FF9D8FFC762D4AAE1FFE60CD3DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169587Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.470{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-walMD5=1E65DE2B146A0A0E3CB6CA1BA3AD9777,SHA256=DE33D02C0DDDF3E9D3330CCE65D11BA1AC788EABB580A23724DF78C544DFEA51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169586Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.470{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmMD5=40DCD758F82AF625A38A13BA37D220A7,SHA256=F66C996FFF4F5671393F7129171E8C73E6AF5019CAA7BA5B6593CD8FF841F74E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169585Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.470{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\webappsstore.sqlite-walMD5=0AA1C70A2CB5726E8D05433A93575C11,SHA256=F28706F83DEBF46C8E378A87168FBD568EE8F010AB7678D2C366EDC51A943B45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169584Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.454{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\webappsstore.sqlite-shmMD5=FD28ABDF1F7F073FEFA1AAECDAB8F6EF,SHA256=B417D255896FBCADB277289AE196B5490D77FB62949F3E8D96EADD1BA745BD46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169583Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.454{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\favicons.sqlite-walMD5=1DF855DBF4029C74AB543AB1C8E652C2,SHA256=30145DA67540DC6EAA5383DEBD39E20AECE7498A2A609FA7605413A1EB2A3E08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169582Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.450{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\favicons.sqlite-shmMD5=7F84D515A7F7F96D5E05C9F379C688DE,SHA256=97DA3E36AB23CF2388DC44696EDCB54852621F9B2B46AB81F213DD2D66885EA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169581Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.432{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\places.sqlite-walMD5=6112C3D5C639D704B94A05958F8F2D6D,SHA256=A264587CF95040A903F369D44816B45D49A302ABDB719C9257517A0F2D74B2BD,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000169580Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.109{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local65455- 354300x8000000000000000169579Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.108{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local60590- 354300x8000000000000000169578Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.108{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local62677- 354300x8000000000000000169577Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.105{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local55830- 354300x8000000000000000169576Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.105{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local62896- 354300x8000000000000000169575Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.105{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local58586- 354300x8000000000000000169574Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.719{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50776-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169573Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.700{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50775-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 23542300x8000000000000000169572Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.417{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\places.sqlite-shmMD5=A8A08AABE098CBFC6E1F917D340BAF0A,SHA256=B2721DF0229BB127AD3AD8F9EF574B6487031D09E77719777017A2622CC34AFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169571Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.417{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=0754556B0F590E590F6E119D988453FA,SHA256=1E88E6FF9BAD58570D78F6EAF8654C16A531FA53BF015AB1AE77954E47991AC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169570Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.401{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=6FDB0DC5B3E14B562C725918B4D5D514,SHA256=23D1460E2C10983D93D956572029EFBD167039182054910E6EDFACE2915E6461,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169569Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.401{D8DCB3A2-A282-60D0-3310-00000000D001}2836ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41MD5=D910AD167F0217587501FDCDB33CC544,SHA256=E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169568Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.385{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29dad8c|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2b46ad|C:\Program Files\Mozilla Firefox\xul.dll+3bdd62a|C:\Program Files\Mozilla Firefox\xul.dll+3b24133|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169567Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.385{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29dad8c|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2b46ad|C:\Program Files\Mozilla Firefox\xul.dll+3bdd62a|C:\Program Files\Mozilla Firefox\xul.dll+3b24133|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169566Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.385{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29dad8c|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2b46ad|C:\Program Files\Mozilla Firefox\xul.dll+3bdd62a|C:\Program Files\Mozilla Firefox\xul.dll+3b24133|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 11241100x8000000000000000169565Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.385{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\SiteSecurityServiceState.txt2021-06-21 14:30:30.385 23542300x8000000000000000169564Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.385{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169563Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.385{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\protections.sqlite-journalMD5=C567A9CF4EC129A04FD82E950188DC4E,SHA256=FAB1FF167B645ECF3E1D8C552D274CF42A2F62D06D125DDC88A2C3028349B21A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169562Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.370{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\protections.sqlite-journalMD5=89AA8FAD8289E8E46D5418E331D777B7,SHA256=DEC686ADD3EE31EEED16B4E1455A42DB4DB7D751EE8DF7B77D024E58B1974E0B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169561Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.370{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169560Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169559Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169558Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169557Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169556Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169555Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169554Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169553Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169552Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 23542300x8000000000000000169551Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-walMD5=A36CD294EB865DC11380B2A2C3436FAF,SHA256=323A372534176DE63AFDA1E59AA37030540518FCB2C57D266BDF13C8DD132532,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169550Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmMD5=7CA26B3FFD0B6FE776A19C6B25D87E1B,SHA256=A287028315E614EB3E722A4AB5D6F849FD06FEEB0681C382E40CCE259C9EC7CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169549Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\sessionstore-backups\recovery.jsonlz4MD5=A2C83482E38CC3769FA5CC010E8989C9,SHA256=B1E05199427CECA4ED8C84D7A2F583C450E6AF5BE81295D06F1F0F8BC1C5A3F2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169548Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29fac87|C:\Program Files\Mozilla Firefox\xul.dll+daa3a9|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169547Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.349{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169546Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.332{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d79c0|C:\Program Files\Mozilla Firefox\xul.dll+29b168e|C:\Program Files\Mozilla Firefox\xul.dll+1a716e6|C:\Program Files\Mozilla Firefox\xul.dll+4d41c2|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+20a5a9|C:\Program Files\Mozilla Firefox\xul.dll+2df3052|C:\Program Files\Mozilla Firefox\xul.dll+84609b|C:\Program Files\Mozilla Firefox\xul.dll+1e5c61|C:\Program Files\Mozilla Firefox\xul.dll+37f3ca2|C:\Program Files\Mozilla Firefox\xul.dll+198566b|C:\Program Files\Mozilla Firefox\xul.dll+1987d4b|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 23542300x8000000000000000169647Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:31.947{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD6150C60E52EF081E923A92C0ECA4C7,SHA256=B23503ED8C2FA35473DC78903E854ABDA44B9B84DD1974304C1D5A97A6C3A1EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169646Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:31.557{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A3EBE01BCB438530D04FF743BDE6F354,SHA256=2FB71B12A2660CF5B04453BFCE744BD4C50B3EE226A4F65D89820D1877F14165,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000169645Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.141{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-55830- 23542300x8000000000000000169644Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:31.354{D8DCB3A2-A286-60D0-3B10-00000000D001}4460ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\pingsender.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\saved-telemetry-pings\7bd79f12-644d-433b-8bff-c2f2ad0fb4fcMD5=8BA3C3D2569E16C8F4D81E4A5D3230BA,SHA256=31DEFDBC340CC80CF147E63A853EA1ACA302DDBD40DB2FA3A297A5114A399F8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169643Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:31.338{D8DCB3A2-A286-60D0-3910-00000000D001}2712ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\pingsender.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\saved-telemetry-pings\a5e30cc9-60f4-4342-9ad5-4ae59e602743MD5=D6F96F2B38905C3966859707917D651E,SHA256=D83D6F179F3C3FA27441C62BF31D1588ACFF2D5F2E150E22FEAAE39103FE6E22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169642Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:31.307{D8DCB3A2-A286-60D0-3710-00000000D001}4020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\pingsender.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\saved-telemetry-pings\15b93bab-cb60-4657-b0e0-e129a01f12dbMD5=D5E39C5B3C6A0F545654E847395F1E32,SHA256=6EFBE1CBD6E61176E177275472C41169E1A2C5B2EB5F42881DBF394045D8F0EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169668Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.963{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BC15D7F7860A08431F5FB06AA752EAC,SHA256=30D44C3525609B060709E2A15270B4116020452514642A5625F419F75C19CF04,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169667Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.932{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A288-60D0-3E10-00000000D001}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169666Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.932{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169665Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.932{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169664Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.932{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169663Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.932{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169662Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.932{D8DCB3A2-4532-60D0-0500-00000000D001}408524C:\Windows\system32\csrss.exe{D8DCB3A2-A288-60D0-3E10-00000000D001}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169661Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.932{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A288-60D0-3E10-00000000D001}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169660Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.932{D8DCB3A2-A288-60D0-3E10-00000000D001}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000169659Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.801{D8DCB3A2-A286-60D0-3B10-00000000D001}4460C:\Program Files\Mozilla Firefox\pingsender.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50780-false52.13.236.190ec2-52-13-236-190.us-west-2.compute.amazonaws.com443https 354300x8000000000000000169658Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.777{D8DCB3A2-A286-60D0-3910-00000000D001}2712C:\Program Files\Mozilla Firefox\pingsender.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50779-false52.13.236.190ec2-52-13-236-190.us-west-2.compute.amazonaws.com443https 354300x8000000000000000169657Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.764{D8DCB3A2-A286-60D0-3710-00000000D001}4020C:\Program Files\Mozilla Firefox\pingsender.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50778-false52.13.236.190ec2-52-13-236-190.us-west-2.compute.amazonaws.com443https 354300x8000000000000000169656Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.172{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50777-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000169655Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.197{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A288-60D0-3D10-00000000D001}1444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169654Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.197{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169653Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.197{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169652Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.197{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169651Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.197{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169650Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.197{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A288-60D0-3D10-00000000D001}1444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169649Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.197{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A288-60D0-3D10-00000000D001}1444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169648Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.198{D8DCB3A2-A288-60D0-3D10-00000000D001}1444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000169678Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.604{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A289-60D0-3F10-00000000D001}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169677Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.604{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169676Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.604{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169675Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.604{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169674Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.604{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169673Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.604{D8DCB3A2-4532-60D0-0500-00000000D001}408524C:\Windows\system32\csrss.exe{D8DCB3A2-A289-60D0-3F10-00000000D001}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169672Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.604{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A289-60D0-3F10-00000000D001}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169671Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.604{D8DCB3A2-A289-60D0-3F10-00000000D001}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000169670Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.213{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6886A3F6423FFAB80D047DC71023ACBE,SHA256=13D3C08BDEBB2AACEE941F3CFFFA0C59C8C52667C8FB32DD4D09298E290C26C1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169669Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.104{D8DCB3A2-A288-60D0-3E10-00000000D001}55165060C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169680Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:34.635{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E9B6F5B0A298DDB8F1772C220DDAE0C0,SHA256=0F13B3C26236C9660258FCB46D3D14FC5DCFE6C355DD5F959716BBF59B2791D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169679Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:34.182{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB4792B8DD5D17A89B17E2E677F31FB2,SHA256=6636B66B2F6908F1D47906A2D55521BF25E660B85D8E9319B58D0A6E582BD179,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169699Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.932{D8DCB3A2-A28B-60D0-4110-00000000D001}46165400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169698Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.775{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A28B-60D0-4110-00000000D001}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169697Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.775{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169696Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.775{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169695Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.775{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169694Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.775{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169693Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.775{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A28B-60D0-4110-00000000D001}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169692Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.775{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A28B-60D0-4110-00000000D001}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169691Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.776{D8DCB3A2-A28B-60D0-4110-00000000D001}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000169690Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.244{D8DCB3A2-A28B-60D0-4010-00000000D001}32242140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169689Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.197{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=132E6EEB72FCA6B3F24A194D7DB42BFC,SHA256=1181F2F4E102D5D3DAE83FC8BDB8F141488D29CF3968739B787E2EF6EEA6EF51,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169688Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.104{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A28B-60D0-4010-00000000D001}3224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169687Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.104{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169686Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.104{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169685Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.104{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169684Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.104{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169683Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.104{D8DCB3A2-4532-60D0-0500-00000000D001}408524C:\Windows\system32\csrss.exe{D8DCB3A2-A28B-60D0-4010-00000000D001}3224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169682Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.104{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A28B-60D0-4010-00000000D001}3224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169681Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.104{D8DCB3A2-A28B-60D0-4010-00000000D001}3224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000169710Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.595{D8DCB3A2-A28C-60D0-4210-00000000D001}10204472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169709Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.455{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A28C-60D0-4210-00000000D001}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169708Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.455{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169707Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.455{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169706Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.455{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169705Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.455{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169704Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.455{D8DCB3A2-4532-60D0-0500-00000000D001}408524C:\Windows\system32\csrss.exe{D8DCB3A2-A28C-60D0-4210-00000000D001}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169703Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.455{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A28C-60D0-4210-00000000D001}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169702Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.456{D8DCB3A2-A28C-60D0-4210-00000000D001}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000169701Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.229{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE16790F0DFCFB785D660F66F45E483E,SHA256=ECF63D5C7BA7393466226588654563FE289E3900730551689BAB86B11D2F0802,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169700Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.104{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A79106DB655EF1AF938C383473E0454D,SHA256=68B17F9029C077116F0EE182FB55D6AAA97790F594B907C2057555CA616E7B47,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169720Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.595{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A28D-60D0-4310-00000000D001}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169719Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169718Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169717Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169716Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169715Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.595{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A28D-60D0-4310-00000000D001}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169714Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.595{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A28D-60D0-4310-00000000D001}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169713Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.596{D8DCB3A2-A28D-60D0-4310-00000000D001}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000169712Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.470{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=96EC32C6B6EBFD2F79B2E3B6C9F4ACEC,SHA256=50F8A98DE51704E6B2E32EAABE98E51E24AF8E5A02CC8E9A99D45BB40D0E50E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169711Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.408{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30DC4E1F8A503D5AEA5A24E3B9585F54,SHA256=383287C4F65DEDC04F0FF4F06862C86971038021374F0D17E052F406A6639025,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169789Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.986{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4A10-00000000D001}3276C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169788Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.986{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4A10-00000000D001}3276C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169787Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.986{D8DCB3A2-A28E-60D0-4A10-00000000D001}32766040C:\Windows\system32\conhost.exe{D8DCB3A2-A28E-60D0-4910-00000000D001}5076C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169786Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.970{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A28E-60D0-4A10-00000000D001}3276C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169785Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.970{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169784Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.970{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169783Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.970{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169782Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.970{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A28E-60D0-4910-00000000D001}5076C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169781Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.970{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169780Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.970{D8DCB3A2-A28E-60D0-4810-00000000D001}54323284C:\Windows\System32\WScript.exe{D8DCB3A2-A28E-60D0-4910-00000000D001}5076C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169779Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.981{D8DCB3A2-A28E-60D0-4910-00000000D001}5076C:\Windows\System32\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exe"C:\Windows\System32\net.exe" sessionC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=C6B6DAA95CEA707F8D986D933E4A9596,SHA256=FDDC5F29F779A6EF73D70A2C551397FDEE63F549F2BCE4FE6A7AEEDC11F4F72E,IMPHASH=C41B15F592DE4589047CE5119CE87468{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" C:\Temp\dasdasd.js 10341000x8000000000000000169778Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.970{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169777Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.970{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169776Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.939{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B457E181A1A622FB64B71034C94F1E24,SHA256=47D1145C8AC4950ABC620F21FC061A6BFC9D3E0657BB1D85B70E58AD2AD37DEF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169775Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.923{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169774Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.923{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169773Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.923{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169772Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169771Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169770Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169769Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169768Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169767Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-A28E-60D0-4410-00000000D001}50205944C:\Windows\System32\WScript.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169766Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.914{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\wscript.exe5.812.10240.16384Microsoft ® Windows Based Script HostMicrosoft ® Windows Script HostMicrosoft Corporationwscript.exe"C:\Windows\System32\WScript.exe" C:\Temp\dasdasd.jsC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BEB231ACF04E40B506403920D4DD795A,SHA256=2548884526E8FBC5781F5B3B2972E9B20CC16DD86BDE93D2E888023F6919F5A2,IMPHASH=661A40859BC6D47752E9FC5E02C1862C{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\dasdasd.js" 13241300x8000000000000000169765Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1060,RunKeySetValue2021-06-21 14:30:38.908{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\WScript.exeHKLM\SOFTWARE\Microsoft\.NETFramework\ETWEnabledDWORD (0x00000000) 10341000x8000000000000000169764Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-A28E-60D0-4410-00000000D001}50203136C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+534ee|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0|C:\Windows\System32\jscript.dll+19580|C:\Windows\System32\jscript.dll+b2a5|C:\Windows\System32\jscript.dll+88ab|C:\Windows\System32\jscript.dll+9aa9 10341000x8000000000000000169763Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-A28E-60D0-4410-00000000D001}50203136C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+53458|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0|C:\Windows\System32\jscript.dll+19580|C:\Windows\System32\jscript.dll+b2a5|C:\Windows\System32\jscript.dll+88ab|C:\Windows\System32\jscript.dll+9aa9 10341000x8000000000000000169762Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-A28E-60D0-4410-00000000D001}50203136C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+5343a|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0 10341000x8000000000000000169761Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-A28E-60D0-4410-00000000D001}50203136C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+5343a|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0|C:\Windows\System32\jscript.dll+19580 10341000x8000000000000000169760Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-A28E-60D0-4410-00000000D001}50203136C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+c5d7a|C:\Windows\System32\SHELL32.dll+84ae4|C:\Windows\System32\SHELL32.dll+84738|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0 10341000x8000000000000000169759Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-A28E-60D0-4410-00000000D001}50203136C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+c5d68|C:\Windows\System32\SHELL32.dll+84ae4|C:\Windows\System32\SHELL32.dll+84738|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f 10341000x8000000000000000169758Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-A28E-60D0-4410-00000000D001}50203136C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+c5d68|C:\Windows\System32\SHELL32.dll+84ae4|C:\Windows\System32\SHELL32.dll+84738|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0 10341000x8000000000000000169757Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.845{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169756Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.845{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169755Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.845{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169754Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.845{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169753Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.845{D8DCB3A2-A28E-60D0-4610-00000000D001}6725556C:\Windows\system32\conhost.exe{D8DCB3A2-A28E-60D0-4710-00000000D001}360C:\Windows\system32\net1.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169752Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.845{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A28E-60D0-4710-00000000D001}360C:\Windows\system32\net1.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169751Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.845{D8DCB3A2-A28E-60D0-4510-00000000D001}57885668C:\Windows\System32\net.exe{D8DCB3A2-A28E-60D0-4710-00000000D001}360C:\Windows\system32\net1.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\net.exe+240f|C:\Windows\System32\net.exe+1883|C:\Windows\System32\net.exe+163b|C:\Windows\System32\net.exe+1375|C:\Windows\System32\net.exe+26fd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169750Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.852{D8DCB3A2-A28E-60D0-4710-00000000D001}360C:\Windows\System32\net1.exe10.0.14393.0 (rs1_release.160715-1616)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet1.exeC:\Windows\system32\net1 sessionC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=946383ED00F5CD92DBCB7CDB878ED819,SHA256=E92A2FA67AD2F7367ABA1ABF237D245B5E36291C5A4A9F0FC04B3A0E32FF618E,IMPHASH=E2F26A4CA577CF6DBACE937727934F80{D8DCB3A2-A28E-60D0-4510-00000000D001}5788C:\Windows\System32\net.exe"C:\Windows\System32\net.exe" session 11241100x8000000000000000169749Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.845{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\Temp.lnk2021-06-21 14:30:38.845 10341000x8000000000000000169748Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.814{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4610-00000000D001}672C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169747Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.814{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4610-00000000D001}672C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169746Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.814{D8DCB3A2-A28E-60D0-4610-00000000D001}6725556C:\Windows\system32\conhost.exe{D8DCB3A2-A28E-60D0-4510-00000000D001}5788C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169745Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.814{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A28E-60D0-4610-00000000D001}672C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169744Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.800{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169743Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.800{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169742Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.800{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A28E-60D0-4510-00000000D001}5788C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169741Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.800{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169740Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.800{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169739Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.800{D8DCB3A2-A28E-60D0-4410-00000000D001}50201524C:\Windows\System32\WScript.exe{D8DCB3A2-A28E-60D0-4510-00000000D001}5788C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169738Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.805{D8DCB3A2-A28E-60D0-4510-00000000D001}5788C:\Windows\System32\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exe"C:\Windows\System32\net.exe" sessionC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=C6B6DAA95CEA707F8D986D933E4A9596,SHA256=FDDC5F29F779A6EF73D70A2C551397FDEE63F549F2BCE4FE6A7AEEDC11F4F72E,IMPHASH=C41B15F592DE4589047CE5119CE87468{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\dasdasd.js" 10341000x8000000000000000169737Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.800{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\WScript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169736Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.800{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\WScript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x8000000000000000169735Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.689{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\dasdasd.js.lnk2021-06-21 14:30:38.689 10341000x8000000000000000169734Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.673{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\WScript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169733Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.673{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\WScript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169732Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.673{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\WScript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169731Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.658{D8DCB3A2-4534-60D0-1400-00000000D001}10925876C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169730Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169729Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169728Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169727Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169726Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.642{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169725Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.642{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856836C:\Windows\Explorer.EXE{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\windows.storage.dll+94c4a|C:\Windows\System32\windows.storage.dll+94a02|C:\Windows\System32\SHELL32.dll+3f98d|C:\Windows\System32\SHELL32.dll+3e526|C:\Windows\System32\SHELL32.dll+802b1|C:\Windows\System32\SHELL32.dll+6724e|C:\Windows\System32\SHELL32.dll+18cf7c|C:\Windows\System32\SHELL32.dll+18ccd3|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169724Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.652{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\wscript.exe5.812.10240.16384Microsoft ® Windows Based Script HostMicrosoft ® Windows Script HostMicrosoft Corporationwscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\dasdasd.js" C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BEB231ACF04E40B506403920D4DD795A,SHA256=2548884526E8FBC5781F5B3B2972E9B20CC16DD86BDE93D2E888023F6919F5A2,IMPHASH=661A40859BC6D47752E9FC5E02C1862C{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x8000000000000000169723Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.642{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B5926703BD138EB9F507CEBA7088DC1,SHA256=E274EC2D24EE1479E1FB0C496FE360A196F0D80F8F88A11B1ABAA6A392230A5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169722Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.611{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=766975D42230F62688B6D57B14140F89,SHA256=B1A596DCE643FE9D39205F2E7825086893A089E1B651A6E1527917972C951A3E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000169721Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.013{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50781-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000169851Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.783{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=49E692B5C0ACCF751B4CCA51EC3DE9AE,SHA256=2FC52E5B3C0C7268F9C8BF6022C3D94B7D4E30C09B86E875FA473ACD20C1EBB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169850Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.783{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C9A27BBA0B0E6FB054DC869B6454021,SHA256=AB098CDB8AA0520EF147232971DE6B5AD0FDE430706969696371ADEDA3AC6F14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169849Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.220{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Temp\dasdasd.jsMD5=976FEDDD31A7A63C498F982814F17B22,SHA256=3119DB10DD3BBE8777E9C27AAEA24207A50CD9336BAAD95AA74F4E4272DAD101,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169848Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.189{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+534ee|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0|C:\Windows\System32\jscript.dll+19580|C:\Windows\System32\jscript.dll+b2a5|C:\Windows\System32\jscript.dll+88ab|C:\Windows\System32\jscript.dll+9aa9 10341000x8000000000000000169847Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.189{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+53458|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0|C:\Windows\System32\jscript.dll+19580|C:\Windows\System32\jscript.dll+b2a5|C:\Windows\System32\jscript.dll+88ab|C:\Windows\System32\jscript.dll+9aa9 10341000x8000000000000000169846Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.189{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+5343a|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0 10341000x8000000000000000169845Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.189{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+5343a|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0|C:\Windows\System32\jscript.dll+19580 10341000x8000000000000000169844Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.189{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+c5d7a|C:\Windows\System32\SHELL32.dll+84ae4|C:\Windows\System32\SHELL32.dll+84738|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0 10341000x8000000000000000169843Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.189{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+c5d68|C:\Windows\System32\SHELL32.dll+84ae4|C:\Windows\System32\SHELL32.dll+84738|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f 10341000x8000000000000000169842Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.189{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+c5d68|C:\Windows\System32\SHELL32.dll+84ae4|C:\Windows\System32\SHELL32.dll+84738|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0 10341000x8000000000000000169841Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.173{D8DCB3A2-A28F-60D0-4F10-00000000D001}30164084C:\Windows\system32\conhost.exe{D8DCB3A2-A28F-60D0-5010-00000000D001}6024C:\Windows\system32\net1.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169840Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.173{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169839Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.173{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169838Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.173{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169837Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.173{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169836Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.173{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A28F-60D0-5010-00000000D001}6024C:\Windows\system32\net1.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169835Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.173{D8DCB3A2-A28F-60D0-4E10-00000000D001}49125008C:\Windows\System32\net.exe{D8DCB3A2-A28F-60D0-5010-00000000D001}6024C:\Windows\system32\net1.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\net.exe+240f|C:\Windows\System32\net.exe+1883|C:\Windows\System32\net.exe+163b|C:\Windows\System32\net.exe+1375|C:\Windows\System32\net.exe+26fd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169834Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.175{D8DCB3A2-A28F-60D0-5010-00000000D001}6024C:\Windows\System32\net1.exe10.0.14393.0 (rs1_release.160715-1616)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet1.exeC:\Windows\system32\net1 sessionC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=946383ED00F5CD92DBCB7CDB878ED819,SHA256=E92A2FA67AD2F7367ABA1ABF237D245B5E36291C5A4A9F0FC04B3A0E32FF618E,IMPHASH=E2F26A4CA577CF6DBACE937727934F80{D8DCB3A2-A28F-60D0-4E10-00000000D001}4912C:\Windows\System32\net.exe"C:\Windows\System32\net.exe" session 10341000x8000000000000000169833Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.158{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4F10-00000000D001}3016C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169832Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.158{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4F10-00000000D001}3016C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169831Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.158{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC8B2E99339C98DE04258AAED7ED3A97,SHA256=490E68FB17894C0797E5B95222C67CB8917A6686521D619A18BC062DC51B93DB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169830Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-A28F-60D0-4F10-00000000D001}30164084C:\Windows\system32\conhost.exe{D8DCB3A2-A28F-60D0-4E10-00000000D001}4912C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169829Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A28F-60D0-4F10-00000000D001}3016C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169828Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169827Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169826Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169825Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A28F-60D0-4E10-00000000D001}4912C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169824Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169823Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885220C:\Windows\System32\cscript.exe{D8DCB3A2-A28F-60D0-4E10-00000000D001}4912C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169822Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.146{D8DCB3A2-A28F-60D0-4E10-00000000D001}4912C:\Windows\System32\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exe"C:\Windows\System32\net.exe" sessionC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=C6B6DAA95CEA707F8D986D933E4A9596,SHA256=FDDC5F29F779A6EF73D70A2C551397FDEE63F549F2BCE4FE6A7AEEDC11F4F72E,IMPHASH=C41B15F592DE4589047CE5119CE87468{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169821Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169820Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169819Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.095{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169818Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.095{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169817Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.095{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169816Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.080{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4D10-00000000D001}5848C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169815Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.080{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4D10-00000000D001}5848C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169814Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.064{D8DCB3A2-A28F-60D0-4D10-00000000D001}58485632C:\Windows\system32\conhost.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169813Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.064{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A28F-60D0-4D10-00000000D001}5848C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169812Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.048{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169811Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.048{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169810Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.048{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169809Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.048{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169808Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.048{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169807Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.048{D8DCB3A2-A28E-60D0-4810-00000000D001}54324300C:\Windows\System32\WScript.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169806Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.055{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe5.812.10240.16384Microsoft ® Console Based Script HostMicrosoft ® Windows Script HostMicrosoft Corporationcscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.jsC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=8552F94CFD39A4C307BCD1BD88D41604,SHA256=6216383428EAB3292C5590C70D24B33A7D84FBF1C463E331C40F052E6EA356FE,IMPHASH=77838A7D26CC1C7050C41CF6165BAD0E{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" C:\Temp\dasdasd.js 13241300x8000000000000000169805Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1060,RunKeySetValue2021-06-21 14:30:39.033{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exeHKU\S-1-5-21-792582155-850038707-153534265-500\SOFTWARE\Microsoft\Windows Script\Settings\AmsiEnableDWORD (0x00000000) 10341000x8000000000000000169804Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.033{D8DCB3A2-A28E-60D0-4810-00000000D001}54323124C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+534ee|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0|C:\Windows\System32\jscript.dll+19580|C:\Windows\System32\jscript.dll+b2a5|C:\Windows\System32\jscript.dll+88ab|C:\Windows\System32\jscript.dll+9aa9 10341000x8000000000000000169803Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.033{D8DCB3A2-A28E-60D0-4810-00000000D001}54323124C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+53458|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0|C:\Windows\System32\jscript.dll+19580|C:\Windows\System32\jscript.dll+b2a5|C:\Windows\System32\jscript.dll+88ab|C:\Windows\System32\jscript.dll+9aa9 10341000x8000000000000000169802Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.033{D8DCB3A2-A28E-60D0-4810-00000000D001}54323124C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+5343a|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0 10341000x8000000000000000169801Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.033{D8DCB3A2-A28E-60D0-4810-00000000D001}54323124C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+5343a|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0|C:\Windows\System32\jscript.dll+19580 10341000x8000000000000000169800Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.033{D8DCB3A2-A28E-60D0-4810-00000000D001}54323124C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+c5d7a|C:\Windows\System32\SHELL32.dll+84ae4|C:\Windows\System32\SHELL32.dll+84738|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0 10341000x8000000000000000169799Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.033{D8DCB3A2-A28E-60D0-4810-00000000D001}54323124C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+c5d68|C:\Windows\System32\SHELL32.dll+84ae4|C:\Windows\System32\SHELL32.dll+84738|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f 10341000x8000000000000000169798Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.033{D8DCB3A2-A28E-60D0-4810-00000000D001}54323124C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+c5d68|C:\Windows\System32\SHELL32.dll+84ae4|C:\Windows\System32\SHELL32.dll+84738|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0 10341000x8000000000000000169797Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.002{D8DCB3A2-A28E-60D0-4A10-00000000D001}32766040C:\Windows\system32\conhost.exe{D8DCB3A2-A28F-60D0-4B10-00000000D001}2412C:\Windows\system32\net1.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169796Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.002{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169795Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.002{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169794Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.002{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169793Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.002{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169792Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.002{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A28F-60D0-4B10-00000000D001}2412C:\Windows\system32\net1.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169791Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.002{D8DCB3A2-A28E-60D0-4910-00000000D001}50763796C:\Windows\System32\net.exe{D8DCB3A2-A28F-60D0-4B10-00000000D001}2412C:\Windows\system32\net1.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\net.exe+240f|C:\Windows\System32\net.exe+1883|C:\Windows\System32\net.exe+163b|C:\Windows\System32\net.exe+1375|C:\Windows\System32\net.exe+26fd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169790Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.010{D8DCB3A2-A28F-60D0-4B10-00000000D001}2412C:\Windows\System32\net1.exe10.0.14393.0 (rs1_release.160715-1616)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet1.exeC:\Windows\system32\net1 sessionC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=946383ED00F5CD92DBCB7CDB878ED819,SHA256=E92A2FA67AD2F7367ABA1ABF237D245B5E36291C5A4A9F0FC04B3A0E32FF618E,IMPHASH=E2F26A4CA577CF6DBACE937727934F80{D8DCB3A2-A28E-60D0-4910-00000000D001}5076C:\Windows\System32\net.exe"C:\Windows\System32\net.exe" session 11241100x8000000000000000169854Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:40.986{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.cmdline2021-06-21 14:30:40.986 11241100x8000000000000000169853Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:40.986{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.dll2021-06-21 14:30:40.986 23542300x8000000000000000169852Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:40.799{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D16F1CFA71F3EB1BA8F032A93039FB31,SHA256=3002FA9C0C301EA6876FB0416EF6F620162329B15F199CC4B8FBFFD429866510,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170214Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.845{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E3481590F7204EF5D6B7E7CA717C45C,SHA256=A9935F1518846A06B2AAE322463D9BAD9240F9EAF0BF1B87EF9725AC6CD6A933,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170213Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.783{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FB63DFF47E397D92420BCCE01DC266C,SHA256=5CF70E1D2B3865E472537F8EED429DAB467FC633D4EE1273284C98F5D621EB15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170212Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.736{D8DCB3A2-A291-60D0-5C10-00000000D001}5028ATTACKRANGE\AdministratorC:\Windows\System32\cmd.exeC:\$Recycle.Bin\S-1-5-~1\desktop.iniMD5=A526B9E7C716B3489D8CC062FBCE4005,SHA256=E1B9CE9B57957B1A0607A72A057D6B7A9B34EA60F3F8AA8F38A3AF979BD23066,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000170211Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1031,T1050SetValue2021-06-21 14:30:41.689{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\fdPHost\StartDWORD (0x00000002) 13241300x8000000000000000170210Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1031,T1050SetValue2021-06-21 14:30:41.689{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\upnphost\StartDWORD (0x00000002) 13241300x8000000000000000170209Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1031,T1050SetValue2021-06-21 14:30:41.689{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\SstpSvc\StartDWORD (0x00000004) 13241300x8000000000000000170208Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1031,T1050SetValue2021-06-21 14:30:41.689{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\Dnscache\StartDWORD (0x00000002) 13241300x8000000000000000170207Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1031,T1050SetValue2021-06-21 14:30:41.689{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\FDResPub\StartDWORD (0x00000002) 10341000x8000000000000000170206Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.689{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170205Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.689{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170204Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.689{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170203Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.673{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170202Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1031,T1050SetValue2021-06-21 14:30:41.673{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\SSDPSRV\StartDWORD (0x00000002) 10341000x8000000000000000170201Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170200Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170199Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170198Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170197Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.642{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-7210-00000000D001}5616C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170196Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.642{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-7210-00000000D001}5616C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170195Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170194Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170193Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170192Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170191Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-A291-60D0-7210-00000000D001}56164468C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-7110-00000000D001}6032C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170190Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170189Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170188Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170187Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170186Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=998633B1ACEEF032F0B01BE2D4A9EBBF,SHA256=65EADA7490061905E87DE5DC9BBF38D74FBFE9B2EFAC4DFB1429D5531B7B8024,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170185Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6710-00000000D001}6012C:\Windows\System32\sc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170184Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6610-00000000D001}3228C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170183Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6510-00000000D001}3668C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170182Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6410-00000000D001}1980C:\Windows\System32\sc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170181Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170180Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170179Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170178Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170177Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6310-00000000D001}3640C:\Windows\System32\sc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170176Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6210-00000000D001}940C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170175Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6010-00000000D001}2820C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170174Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5D10-00000000D001}4872C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170173Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5C10-00000000D001}5028C:\Windows\System32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170172Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170171Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5B10-00000000D001}4156C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170170Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170169Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170168Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-7010-00000000D001}5356C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170167Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5610-00000000D001}2632C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170166Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-7010-00000000D001}5356C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170165Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170164Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170163Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5510-00000000D001}5352C:\Windows\System32\taskkill.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170162Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5410-00000000D001}4528C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170161Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5310-00000000D001}5088C:\Windows\System32\taskkill.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170160Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A28F-60D0-4D10-00000000D001}5848C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170159Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170158Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170157Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170156Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170155Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6D10-00000000D001}1504C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170154Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6D10-00000000D001}1504C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170153Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A125-60D0-0310-00000000D001}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170152Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-7210-00000000D001}5616C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170151Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170150Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A118-60D0-D00F-00000000D001}1292C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170149Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170148Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A10E-60D0-A90F-00000000D001}2304C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170147Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A10E-60D0-A80F-00000000D001}5012C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170146Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A031-60D0-8A0F-00000000D001}3428C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170145Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170144Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6E10-00000000D001}4896C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170143Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A015-60D0-7E0F-00000000D001}5972C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170142Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A015-60D0-7D0F-00000000D001}5588C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170141Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6E10-00000000D001}4896C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170140Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170139Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\system32\dns.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000170138Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170137Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170136Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170135Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6210-00000000D001}940C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170134Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170133Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170132Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6110-00000000D001}1084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170131Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170130Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6010-00000000D001}2820C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170129Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170128Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EA-60D0-9900-00000000D001}4400C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170127Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A291-60D0-7010-00000000D001}53562392C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-6F10-00000000D001}5736C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170126Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5F10-00000000D001}860C:\Windows\System32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170125Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5E10-00000000D001}5600C:\Windows\System32\sc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170124Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EA-60D0-9600-00000000D001}4280C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170123Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5D10-00000000D001}4872C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170122Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5C10-00000000D001}5028C:\Windows\System32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170121Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5B10-00000000D001}4156C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170120Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5A10-00000000D001}5656C:\Windows\System32\sc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170119Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170118Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45E8-60D0-9200-00000000D001}3852C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170117Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5610-00000000D001}2632C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170116Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6C10-00000000D001}3816C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170115Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5510-00000000D001}5352C:\Windows\System32\taskkill.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170114Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6C10-00000000D001}3816C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170113Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5410-00000000D001}4528C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170112Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5310-00000000D001}5088C:\Windows\System32\taskkill.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170111Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A28F-60D0-4D10-00000000D001}5848C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170110Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170109Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-4534-60D0-1600-00000000D001}13045040C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6510-00000000D001}3668C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170108Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170107Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-4534-60D0-1600-00000000D001}13045040C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6B10-00000000D001}4764C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170106Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6510-00000000D001}3668C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170105Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6B10-00000000D001}4764C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170104Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45E8-60D0-9000-00000000D001}2432C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170103Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170102Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-7110-00000000D001}6032C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170101Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170100Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A28F-60D0-4C10-00000000D001}53884328C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-7110-00000000D001}6032C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58df12|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd95|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd65|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+633e85|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+6913 10341000x8000000000000000170099Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A291-60D0-6D10-00000000D001}15045636C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-6910-00000000D001}2256C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170098Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.589{D8DCB3A2-A291-60D0-7110-00000000D001}6032C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config MBAMService start= disabledC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000170097Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45BE-60D0-8400-00000000D001}1272C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170096Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A291-60D0-6E10-00000000D001}48965840C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-6A10-00000000D001}4020C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170095Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4545-60D0-4100-00000000D001}3512C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170094Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-4534-60D0-1600-00000000D001}13045040C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6610-00000000D001}3228C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170093Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A125-60D0-0310-00000000D001}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170092Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A291-60D0-6C10-00000000D001}38161444C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-6810-00000000D001}3120C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170091Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6610-00000000D001}3228C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170090Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4545-60D0-3D00-00000000D001}3448C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170089Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170088Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4545-60D0-3C00-00000000D001}3400C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170087Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-7010-00000000D001}5356C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170086Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A118-60D0-D00F-00000000D001}1292C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170085Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A291-60D0-6B10-00000000D001}47646076C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-6710-00000000D001}6012C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170084Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170083Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-3000-00000000D001}1232C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170082Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A10E-60D0-A90F-00000000D001}2304C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170081Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A10E-60D0-A80F-00000000D001}5012C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170080Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A031-60D0-8A0F-00000000D001}3428C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170079Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2F00-00000000D001}1152C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170078Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170077Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170076Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A015-60D0-7E0F-00000000D001}5972C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170075Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A015-60D0-7D0F-00000000D001}5588C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170074Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170073Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2A00-00000000D001}2884C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170072Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A291-60D0-6610-00000000D001}32285304C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-6410-00000000D001}1980C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170071Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170070Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170069Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170068Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2700-00000000D001}2860C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170067Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170066Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170065Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170064Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170063Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2500-00000000D001}2776C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170062Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-453D-60D0-2300-00000000D001}2612C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170061Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EA-60D0-9900-00000000D001}4400C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170060Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4538-60D0-2100-00000000D001}2496C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170059Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6E10-00000000D001}4896C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170058Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170057Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4537-60D0-2000-00000000D001}2488C:\Users\Public\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170056Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170055Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1F00-00000000D001}2112C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170054Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EA-60D0-9600-00000000D001}4280C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170053Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A291-60D0-6510-00000000D001}36684148C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-6310-00000000D001}3640C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170052Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6D10-00000000D001}1504C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170051Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6F10-00000000D001}5736C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170050Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885200C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-6F10-00000000D001}5736C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58df12|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd95|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd65|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+633e85|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+6913 10341000x8000000000000000170049Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45E8-60D0-9200-00000000D001}3852C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 154100x8000000000000000170048Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.569{D8DCB3A2-A291-60D0-6F10-00000000D001}5736C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config SstpSvc start= disabledC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000170047Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000170046Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170045Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 10341000x8000000000000000170044Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170043Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170042Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6B10-00000000D001}4764C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170041Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45E8-60D0-9000-00000000D001}2432C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170040Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6C10-00000000D001}3816C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170039Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45BE-60D0-8400-00000000D001}1272C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170038Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1700-00000000D001}1392C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170037Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4545-60D0-4100-00000000D001}3512C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170036Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170035Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170034Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1400-00000000D001}1092C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170033Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1300-00000000D001}912C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170032Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4545-60D0-3D00-00000000D001}3448C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170031Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6210-00000000D001}940C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170030Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4545-60D0-3C00-00000000D001}3400C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170029Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1200-00000000D001}756C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170028Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-3000-00000000D001}1232C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170027Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1100-00000000D001}404C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170026Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1000-00000000D001}412C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170025Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2F00-00000000D001}1152C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170024Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-0F00-00000000D001}324C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170023Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-0E00-00000000D001}996C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170022Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170021Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6A10-00000000D001}4020C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170020Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A28F-60D0-4C10-00000000D001}53882836C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-6A10-00000000D001}4020C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58df12|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd95|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd65|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+633e85|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+6913 10341000x8000000000000000170019Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6610-00000000D001}3228C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170018Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4533-60D0-0D00-00000000D001}896C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 154100x8000000000000000170017Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.555{D8DCB3A2-A291-60D0-6A10-00000000D001}4020C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config fdPHost start= autoC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000170016Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4533-60D0-0C00-00000000D001}828C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170015Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6910-00000000D001}2256C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170014Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A28F-60D0-4C10-00000000D001}53882564C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-6910-00000000D001}2256C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58df12|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd95|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd65|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+633e85|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+6913 154100x8000000000000000170013Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.554{D8DCB3A2-A291-60D0-6910-00000000D001}2256C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config upnphost start= autoC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000170012Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170011Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2A00-00000000D001}2884C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170010Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6210-00000000D001}940C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170009Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6110-00000000D001}1084C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170008Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170007Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4532-60D0-0900-00000000D001}564C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170006Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000170005Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6110-00000000D001}1084C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170004Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2700-00000000D001}2860C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170003Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170002Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6510-00000000D001}3668C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170001Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6810-00000000D001}3120C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170000Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885732C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-6810-00000000D001}3120C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58df12|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd95|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd65|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+633e85|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+6913 154100x8000000000000000169999Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.545{D8DCB3A2-A291-60D0-6810-00000000D001}3120C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config FDResPub start= autoC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169998Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2500-00000000D001}2776C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169997Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-453D-60D0-2300-00000000D001}2612C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169996Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6710-00000000D001}6012C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169995Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4538-60D0-2100-00000000D001}2496C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169994Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A28F-60D0-4C10-00000000D001}53884768C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-6710-00000000D001}6012C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58df12|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd95|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd65|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+633e85|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+6913 154100x8000000000000000169993Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.544{D8DCB3A2-A291-60D0-6710-00000000D001}6012C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config SQLWriter start= disabledC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169992Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4537-60D0-2000-00000000D001}2488C:\Users\Public\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169991Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1F00-00000000D001}2112C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169990Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1700-00000000D001}1392C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169989Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6010-00000000D001}2820C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169988Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5D10-00000000D001}4872C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169987Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169986Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A291-60D0-6210-00000000D001}9402404C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-5E10-00000000D001}5600C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169985Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A291-60D0-6110-00000000D001}10841460C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-5F10-00000000D001}860C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169984Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169983Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1400-00000000D001}1092C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169982Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6010-00000000D001}2820C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169981Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1300-00000000D001}912C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169980Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5D10-00000000D001}4872C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169979Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1200-00000000D001}756C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169978Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6410-00000000D001}1980C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169977Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-6410-00000000D001}1980C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000169976Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.536{D8DCB3A2-A291-60D0-6410-00000000D001}1980C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config SSDPSRV start= autoC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169975Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1100-00000000D001}404C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169974Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A291-60D0-5710-00000000D001}4916C:\Windows\System32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169973Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1000-00000000D001}412C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169972Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A291-60D0-5710-00000000D001}4916C:\Windows\System32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169971Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-0F00-00000000D001}324C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169970Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-0E00-00000000D001}996C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169969Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169968Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169967Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4533-60D0-0D00-00000000D001}896C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169966Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169965Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4533-60D0-0C00-00000000D001}828C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169964Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169963Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169962Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5710-00000000D001}4916C:\Windows\System32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169961Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6310-00000000D001}3640C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169960Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-6310-00000000D001}3640C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000169959Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.530{D8DCB3A2-A291-60D0-6310-00000000D001}3640C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config Dnscache start= autoC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169958Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4532-60D0-0900-00000000D001}564C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169957Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-A291-60D0-6010-00000000D001}28203776C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-5C10-00000000D001}5028C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169956Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-A291-60D0-5D10-00000000D001}48724740C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-5A10-00000000D001}5656C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169955Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169954Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169953Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169952Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169951Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4534-60D0-1600-00000000D001}13044056C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5B10-00000000D001}4156C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169950Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6210-00000000D001}940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169949Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5B10-00000000D001}4156C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169948Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5510-00000000D001}5352C:\Windows\System32\taskkill.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169947Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6110-00000000D001}1084C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169946Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6010-00000000D001}2820C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169945Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-A291-60D0-5B10-00000000D001}41561940C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169944Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169943Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169942Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169941Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169940Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5D10-00000000D001}4872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169939Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5F10-00000000D001}860C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169938Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-5F10-00000000D001}860C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000169937Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.510{D8DCB3A2-A291-60D0-5F10-00000000D001}860C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\System32\cmd.exe" /c rd /s /q D:\\$Recycle.binC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169936Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5E10-00000000D001}5600C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169935Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-A28F-60D0-4C10-00000000D001}53884424C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-5E10-00000000D001}5600C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58df12|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd95|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd65|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+633e85|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+6913 154100x8000000000000000169934Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.508{D8DCB3A2-A291-60D0-5E10-00000000D001}5600C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config SQLTELEMETRY$ECWDB2 start= disabledC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169933Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000169932Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169931Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169930Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 10341000x8000000000000000169929Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169928Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169927Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5C10-00000000D001}5028C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169926Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-5C10-00000000D001}5028C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000169925Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.504{D8DCB3A2-A291-60D0-5C10-00000000D001}5028C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\System32\cmd.exe" /c rd /s /q %%SYSTEMDRIVE%%\\$Recycle.binC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169924Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5B10-00000000D001}4156C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169923Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5310-00000000D001}5088C:\Windows\System32\taskkill.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169922Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5A10-00000000D001}5656C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169921Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-A28F-60D0-4C10-00000000D001}53882584C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-5A10-00000000D001}5656C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58df12|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd95|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd65|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+633e85|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+6913 154100x8000000000000000169920Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.500{D8DCB3A2-A291-60D0-5A10-00000000D001}5656C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config SQLTELEMETRY start= disabledC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169919Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-4534-60D0-1600-00000000D001}13044056C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5810-00000000D001}5688C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169918Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5810-00000000D001}5688C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169917Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169916Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169915Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169914Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169913Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169912Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000169911Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.490{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-CimInstance Win32_ShadowCopy | Remove-CimInstanceC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169910Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-A291-60D0-5810-00000000D001}56881056C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-5710-00000000D001}4916C:\Windows\System32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169909Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5810-00000000D001}5688C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169908Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-4534-60D0-1600-00000000D001}13044056C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5610-00000000D001}2632C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169907Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5610-00000000D001}2632C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169906Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169905Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169904Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-A291-60D0-5610-00000000D001}26325288C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-5510-00000000D001}5352C:\Windows\System32\taskkill.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169903Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169902Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169901Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5710-00000000D001}4916C:\Windows\System32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169900Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-4534-60D0-1600-00000000D001}13044056C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5410-00000000D001}4528C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169899Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-A28F-60D0-4C10-00000000D001}53882204C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-5710-00000000D001}4916C:\Windows\System32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169898Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5410-00000000D001}4528C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169897Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.473{D8DCB3A2-A291-60D0-5710-00000000D001}4916C:\Windows\System32\schtasks.exe10.0.14393.0 (rs1_release.160715-1616)Task Scheduler Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsctasks.exe"C:\Windows\System32\schtasks.exe" /DELETE /TN "Raccine Rules Updater" /FC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=EEB7A2162E4DBE32B56BEB84658483AE,SHA256=A9A4FD9C1BB7C5CF8F77F761CAE60F4AC4AFB8DAEEBB46B3AD6983D5E599CDC1,IMPHASH=8AC94113AD25518D369E4EE37BEDAB4F{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169896Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-A291-60D0-5410-00000000D001}45284488C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-5310-00000000D001}5088C:\Windows\System32\taskkill.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169895Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5610-00000000D001}2632C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169894Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169893Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169892Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169891Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169890Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5410-00000000D001}4528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169889Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5510-00000000D001}5352C:\Windows\System32\taskkill.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169888Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388972C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-5510-00000000D001}5352C:\Windows\System32\taskkill.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169887Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.466{D8DCB3A2-A291-60D0-5510-00000000D001}5352C:\Windows\System32\taskkill.exe10.0.14393.0 (rs1_release.160715-1616)Terminates ProcessesMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskkill.exe"C:\Windows\System32\taskkill.exe" /F /IM RaccineSettings.exeC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=8C066C766F5CD84CBC47E14712C54FD0,SHA256=0EA8C0267A76B543302C4258B78BC477AA8876767B7A526549CCE34EEF6D859F,IMPHASH=5F3868B59CD541824A308E7BB7B9CAC3{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169886Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169885Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169884Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169883Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169882Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5310-00000000D001}5088C:\Windows\System32\taskkill.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169881Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-A28F-60D0-4C10-00000000D001}53883860C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-5310-00000000D001}5088C:\Windows\System32\taskkill.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169880Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.459{D8DCB3A2-A291-60D0-5310-00000000D001}5088C:\Windows\System32\taskkill.exe10.0.14393.0 (rs1_release.160715-1616)Terminates ProcessesMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskkill.exe"C:\Windows\System32\taskkill.exe" /F /IM Raccine.exeC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=8C066C766F5CD84CBC47E14712C54FD0,SHA256=0EA8C0267A76B543302C4258B78BC477AA8876767B7A526549CCE34EEF6D859F,IMPHASH=5F3868B59CD541824A308E7BB7B9CAC3{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 23542300x8000000000000000169879Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.111{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.dllMD5=1695DC10D6943756AC76E1710F794F27,SHA256=A23E3193334857FAC16AEA04988F5E37291989086D7EA03D27F3B7272BD7C84D,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x8000000000000000169878Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.111{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.outMD5=329FDDFE67FDEC8894EDFBEC0B2DFD89,SHA256=AD0B09B4BE3B61D4E085C874CDA4AD54C06529A446B3BF90852A54281E438246,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169877Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.111{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.0.csMD5=6C07E96280D95B04B32B1A9C202569D7,SHA256=156F662BE30B207066B8795BC36A09EF76F06AF9F9D452953B048A13777B49D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169876Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.111{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.cmdlineMD5=5BAA05097BCDA35D41569A8452579ADE,SHA256=8AF3CCEBB7A8A78F42258F6AA8FDF87C93BC2B22072218D35EDDC04BF8B40E44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169875Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.111{D8DCB3A2-A290-60D0-5110-00000000D001}4004ATTACKRANGE\AdministratorC:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\Administrator\AppData\Local\Temp\1o5xmfri\CSCE9893A8CA0B545F38070CA12B2BB138.TMPMD5=92F60683899F011D7AADC8A2C51F86CD,SHA256=44A63CB49F24A6724FB31DE71D10F8293BD22459A1272907B0B8E3CD3680454A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000169874Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:41.111{D8DCB3A2-A290-60D0-5110-00000000D001}4004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.dll2021-06-21 14:30:40.986 23542300x8000000000000000169873Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.111{D8DCB3A2-A290-60D0-5110-00000000D001}4004ATTACKRANGE\AdministratorC:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.dllMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169872Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.111{D8DCB3A2-A290-60D0-5110-00000000D001}4004ATTACKRANGE\AdministratorC:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\ADMINI~1\AppData\Local\Temp\RES497D.tmpMD5=4B977E0BA4C0FF8D9C619FE23F453E10,SHA256=CE8F1063137A1B77916433FA71615860EA203DF01AF42C038283070E801BBD81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169871Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.095{D8DCB3A2-A291-60D0-5210-00000000D001}4428ATTACKRANGE\AdministratorC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeC:\Users\ADMINI~1\AppData\Local\Temp\RES497D.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169870Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.095{D8DCB3A2-A28F-60D0-4D10-00000000D001}58485632C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-5210-00000000D001}4428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169869Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.095{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169868Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.095{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169867Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.095{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169866Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.095{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5210-00000000D001}4428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169865Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.095{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169864Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.095{D8DCB3A2-A290-60D0-5110-00000000D001}40046120C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe{D8DCB3A2-A291-60D0-5210-00000000D001}4428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+b46d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3db4|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3f2c|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+4002|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+27b2|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+2804|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+2948|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+7fe06|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+4726f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+45e1f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+45b16|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+45826|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+1938a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+18bf6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+a831|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+1f0a49|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169863Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.101{D8DCB3A2-A291-60D0-5210-00000000D001}4428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES497D.tmp" "c:\Users\Administrator\AppData\Local\Temp\1o5xmfri\CSCE9893A8CA0B545F38070CA12B2BB138.TMP"C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{D8DCB3A2-A290-60D0-5110-00000000D001}4004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.cmdline" 10341000x8000000000000000169862Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.017{D8DCB3A2-A28F-60D0-4D10-00000000D001}58485632C:\Windows\system32\conhost.exe{D8DCB3A2-A290-60D0-5110-00000000D001}4004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169861Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.017{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169860Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.017{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169859Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.017{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169858Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.017{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169857Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.017{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A290-60D0-5110-00000000D001}4004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169856Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.017{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A290-60D0-5110-00000000D001}4004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+384146|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2be405|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2be05f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2bdb80|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2bdb08|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2bc1c3|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+7d8e81|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+7d86ac|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+7d81aa|UNKNOWN(00007FFDBEE3141B) 154100x8000000000000000169855Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:40.999{D8DCB3A2-A290-60D0-5110-00000000D001}4004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.cmdline"C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 23542300x8000000000000000170272Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.845{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DCC3096D9EFD3845983CF0BA0148A0D,SHA256=7C4041FBFB0D09FB6E0C1665897571D932A1C0DA57CE86FE63A25FEBF330065E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170271Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.720{D8DCB3A2-A291-60D0-5910-00000000D001}5896ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170270Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.705{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1236B41EA0459244365A6572A104642C,SHA256=42211067F332757D2AE35686EBF1E0E834258934AEF37B19E3DBA211FBA3D18B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170269Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.705{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=39C9E538FE17214644553BF52B2E16E1,SHA256=692FDAECC02BEA951454FA6217ADA80302D8AA79EC73D59A378F28A610F678F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170268Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.705{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=54C3688FA626D93D31FE0F78C1A727E4,SHA256=4F459C7E4E7ADD749A9B0732152B0461FE8CBDAD6F514B69B7A8783434903ACD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170267Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.689{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A292-60D0-7410-00000000D001}5452C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170266Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.627{D8DCB3A2-4532-60D0-0A00-00000000D001}6162812C:\Windows\system32\services.exe{D8DCB3A2-A292-60D0-7410-00000000D001}5452C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170265Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.627{D8DCB3A2-4534-60D0-1000-00000000D001}4123824C:\Windows\system32\svchost.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|c:\windows\system32\es.dll+14045|c:\windows\system32\es.dll+200bc|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000170264Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.627{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178be|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170263Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.627{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178be|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170262Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.627{D8DCB3A2-4534-60D0-1000-00000000D001}4123824C:\Windows\system32\svchost.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|c:\windows\system32\es.dll+14045|c:\windows\system32\es.dll+200bc|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000170261Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.627{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178be|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170260Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.627{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178be|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170259Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.627{D8DCB3A2-4534-60D0-1000-00000000D001}4123824C:\Windows\system32\svchost.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|c:\windows\system32\es.dll+14045|c:\windows\system32\es.dll+200bc|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000170258Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178be|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170257Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178be|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170256Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A292-60D0-7410-00000000D001}5452C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170255Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4532-60D0-0A00-00000000D001}616708C:\Windows\system32\services.exe{D8DCB3A2-A292-60D0-7410-00000000D001}5452C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170254Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170253Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170252Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170251Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170250Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4534-60D0-1000-00000000D001}4123824C:\Windows\system32\svchost.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|c:\windows\system32\es.dll+14045|c:\windows\system32\es.dll+200bc|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000170249Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178be|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170248Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178be|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170247Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170246Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.595{D8DCB3A2-4532-60D0-0A00-00000000D001}6162812C:\Windows\system32\services.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170245Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.548{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=C5D79128EC634DFD2B8FF5415F4151FD,SHA256=1C69D7B228C73ECE08A88934B17ECFE20658FE528F63F76F301F68BD1869B766,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170244Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.533{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=86D2A043B21F4859E368AF3B8D48C256,SHA256=C55852D2F0F01E013748DE04AE46983199293C5BE3F3573C4CE76C045B014FED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170243Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.533{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=86D2A043B21F4859E368AF3B8D48C256,SHA256=C55852D2F0F01E013748DE04AE46983199293C5BE3F3573C4CE76C045B014FED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170242Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.533{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\DNS ServerMD5=E26ED9F510A201C5243A6376D6192CDA,SHA256=DA389BA1ECC636F994DF721DC9111FEB30E29F393BB0C605D534955598EA323B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170241Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.533{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=2B5DA130FD36CEC5EA0D2F9A55BEE144,SHA256=06CFC98F1FAF7ECE329CB1E2E543BEBAC029D30D7BC1D2B2C47AD16DEFCEF695,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170240Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170239Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170238Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170237Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170236Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.517{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170235Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.517{D8DCB3A2-4532-60D0-0A00-00000000D001}616708C:\Windows\system32\services.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170234Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.518{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\System32\VSSVC.exe10.0.14393.4350 (rs1_release.210407-2154)Microsoft® Volume Shadow Copy ServiceMicrosoft® Windows® Operating SystemMicrosoft CorporationVSSVC.EXEC:\Windows\system32\vssvc.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=C417EA0DC7EF39347AB3AFC6D9CE0A3C,SHA256=198E5F8976CB3643D7D0709793CD49F8565AEEAC7871389255C7560F497F99CB,IMPHASH=B933B302F069B1ED43D97EAA68CD7B05{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\System32\services.exeC:\Windows\system32\services.exe 354300x8000000000000000170233Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.129{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50782-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000170232Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.502{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170231Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170230Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170229Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.502{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170228Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.486{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170227Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.486{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170226Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.486{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170225Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.252{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170224Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.252{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170223Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.220{D8DCB3A2-A118-60D0-CC0F-00000000D001}956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=536F90675D9745E5B2CE6D1A8727C2A5,SHA256=42C03B2FD5EAB9EBDFD44E3E382BBA48FD1BAF003197FBAD6E391BD3213C43D8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170222Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.205{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170221Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.205{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000170220Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:42.142{D8DCB3A2-A291-60D0-5910-00000000D001}5896\PSHost.132687594414909256.5896.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x8000000000000000170219Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.142{D8DCB3A2-A291-60D0-5910-00000000D001}5896ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_io02thq1.m0h.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170218Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.142{D8DCB3A2-A291-60D0-5910-00000000D001}5896ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_sjrhtaja.5kn.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170217Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.080{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CB9DE90E1EBB821F75FBE48645DB8A85,SHA256=E5E5B618A0B6A6794ECEACF06421031DC4060D317B00392A880DC527F84A098F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000170216Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.017{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_sjrhtaja.5kn.ps12021-06-21 14:30:42.017 10341000x8000000000000000170215Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.002{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170277Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:43.861{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A9CBED1350B95CF14BA7D1794919013,SHA256=5F0B5ADF7F2BC3E0128D5C8C69EADE842ACEFC0BACF41A083689AC36F3D15288,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170276Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:43.705{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=48F66C3E7A8AB7ECCA2C2886E8A8E716,SHA256=EF4C35BB6083B1E29454D87F751E8EDF9ADCF62E9EDDD89846277470A3AEEAE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170275Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:43.705{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=39C9E538FE17214644553BF52B2E16E1,SHA256=692FDAECC02BEA951454FA6217ADA80302D8AA79EC73D59A378F28A610F678F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170274Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:43.595{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D0AC09CB65EBE50E891F2483AEBD9479,SHA256=E43A86C4F21928FFFA31C5D95140E14AA477FB5663F592280259C906697357CF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000170273Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.176{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50783-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000170281Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:44.877{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F869BA260712473A14EFA238922C000C,SHA256=4F7B471EB39C6FC1033ECD06903F6B40BBBBF5F991C577525EA59EAF32FB40EF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170280Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:44.799{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000170279Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:44.783{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000170278Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:44.783{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000170283Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:45.908{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7208F0403E17634BA01FF410B6B1A74,SHA256=344E42127D1DE894DB610A2DB6001FC54853997A710C4A1BF8C3D275AA4F1FC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170282Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:45.830{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=0FC21993440F9097D484DB2CD2766938,SHA256=3E16F19F19D3AC41069A48564793D9DFD72F8FD4F28332989849CFDFD994F851,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000170291Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:46.814{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\FDResPub\ServiceData\FirstStartBinary Data 10341000x8000000000000000170290Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.595{D8DCB3A2-4532-60D0-0A00-00000000D001}6162812C:\Windows\system32\services.exe{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170289Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170288Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.595{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170287Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.595{D8DCB3A2-4532-60D0-0A00-00000000D001}616708C:\Windows\system32\services.exe{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170286Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170285Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170284Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.595{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170297Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:47.830{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=962EAC84FC0ADB595E86E03D666137A4,SHA256=C01F37A54C9D06401815837CA053436F6FD6F06137224F085FEFE17C44445AB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170296Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:47.611{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0873264AEC9FE21A4F82F9D7285D891A,SHA256=865B15A0161215AF989D8F95FBB15C5CA30E83A475B7B5015AC65F50A32E5FA5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170295Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:47.330{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000170294Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:47.314{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000170293Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:47.314{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000170292Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:47.064{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=896469C532C0B910BE021D61638CA04B,SHA256=5F947E9DDB697969873E73C85D3CC81902CA103C3E3AC284B135CDE076B207FE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000170335Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:47.145{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50784-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000170334Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.802{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.14win-dc-385.attackrange.local65456-false239.255.255.250-3702ws-discovery 354300x8000000000000000170333Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.802{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local65457-trueff02:0:0:0:0:0:0:c-3702ws-discovery 354300x8000000000000000170332Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.802{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudpfalsefalse239.255.255.250-3702ws-discoveryfalse127.0.0.1-65456- 354300x8000000000000000170331Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.802{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse127.0.0.1-65456-false239.255.255.250-3702ws-discovery 354300x8000000000000000170330Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.802{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudpfalsetrueff02:0:0:0:0:0:0:c-3702ws-discoverytrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local65457- 354300x8000000000000000170329Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.802{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local65457-trueff02:0:0:0:0:0:0:c-3702ws-discovery 23542300x8000000000000000170328Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.330{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=5D7D63EBE477E799D68B3921F53DC18F,SHA256=D94F7BD7EE2EE540BB1B6C4B50AE085DC59914F5EDA113B2FEAF179844A2DCB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170327Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.205{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=346643DD1E2F3F9FDCFC14C8D9DDEFFF,SHA256=65BC45A3350F47ADE4F613DA89E33FAB1304A43553EED0248AF154EBB2C0344A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170326Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.095{D8DCB3A2-45EA-60D0-9700-00000000D001}43085212C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x8000000000000000170325Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.095{D8DCB3A2-45EA-60D0-9700-00000000D001}43085212C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x8000000000000000170324Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.095{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565992C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170323Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.095{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565992C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170322Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.095{D8DCB3A2-45EA-60D0-9700-00000000D001}43084296C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\execmodelclient.dll+8e62|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000170321Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.095{D8DCB3A2-45EA-60D0-9700-00000000D001}43084296C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\execmodelclient.dll+8d5e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000170320Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.080{D8DCB3A2-45EA-60D0-9700-00000000D001}43085212C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x8000000000000000170319Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.080{D8DCB3A2-45EA-60D0-9700-00000000D001}43085212C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x8000000000000000170318Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.080{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564952C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000170317Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.080{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564952C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000170316Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565796C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170315Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565796C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170314Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565796C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170313Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0D00-00000000D001}896924C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170312Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0D00-00000000D001}896924C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170311Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0D00-00000000D001}896924C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170310Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0D00-00000000D001}896924C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170309Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0D00-00000000D001}896924C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170308Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0D00-00000000D001}896924C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170307Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170306Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a384|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170305Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170304Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170303Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170302Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170301Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170300Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170299Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563904C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170298Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.048{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563904C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170339Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:49.861{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000170338Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:49.845{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000170337Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:49.845{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000170336Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:49.095{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B712875F973A9128C78C7E800AA1F74,SHA256=D6C4309DA3B2D745D2E74D8C414A3D08375B3D30A1D257C2EF3C754B169CA711,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170342Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:50.845{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=C00512BE1778BDD6CF474927396CBAEC,SHA256=65197E80F4224C657A795CE59BB274E6457CBAA82AAF0D48A7505D5B89D777E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170341Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:50.595{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=5472CC95B39509138E961BBFA1D3E1F4,SHA256=1CC3439D78CE5D01F2F35630843B321595AF029EA309432BDE7BFB0AF1EF38FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170340Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:50.252{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E9D7B86EE4B4EF64FFB73C57C44A53F,SHA256=A8E0DF487A8D7C705636384C9E20825EA66C8A2ADDB4CDFB7BE8933AE7A091F4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170358Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.923{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7710-00000000D001}4888C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170357Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.923{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7710-00000000D001}4888C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170356Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.673{D8DCB3A2-A29B-60D0-7710-00000000D001}48882584C:\Windows\system32\conhost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170355Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.658{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A29B-60D0-7710-00000000D001}4888C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170354Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170353Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170352Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170351Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170350Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.658{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170349Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.658{D8DCB3A2-A28F-60D0-4C10-00000000D001}53883240C:\Windows\System32\cscript.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170348Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.663{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe10.0.14393.0 (rs1_release.160715-1616)Network Command ShellMicrosoft® Windows® Operating SystemMicrosoft Corporationnetsh.exe"C:\Windows\System32\netsh.exe" advfirewall firewall set rule group="Network Discovery" new enable=YesC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=4D51BCD0B94D09F5DFB80DF754D31E28,SHA256=E5888E649C881E4BBBCE472F6808F93B2B5564D3094995A5A08E66B2406C1607,IMPHASH=51DC8B92EF1620527201E5276E21BCA7{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 23542300x8000000000000000170347Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.330{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=467679DA65EA84C275180C1140333DC6,SHA256=D01DBCE20CC0AA0D57E1B39CEDAB0B9A787A92CEE620950E402DC1DCB9106816,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170346Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.189{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564952C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000170345Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.189{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564952C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000170344Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.189{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563904C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170343Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.189{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563904C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x8000000000000000170661Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-rtlsupport-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170660Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-registry-l2-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170659Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-registry-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170658Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-realtime-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170657Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-profile-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170656Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processtopology-obsolete-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170655Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processthreads-l1-1-2.dll2021-06-21 14:30:52.986 11241100x8000000000000000170654Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processthreads-l1-1-1.dll2021-06-21 14:30:52.986 11241100x8000000000000000170653Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processthreads-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170652Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processenvironment-l1-2-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170651Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processenvironment-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170650Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-privateprofile-l1-1-1.dll2021-06-21 14:30:52.986 11241100x8000000000000000170649Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-privateprofile-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170648Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-namedpipe-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170647Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-memory-l1-1-2.dll2021-06-21 14:30:52.986 11241100x8000000000000000170646Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-memory-l1-1-1.dll2021-06-21 14:30:52.986 11241100x8000000000000000170645Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-memory-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170644Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-localization-obsolete-l1-2-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170643Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-localization-l1-2-1.dll2021-06-21 14:30:52.986 11241100x8000000000000000170642Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-localization-l1-2-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170641Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-libraryloader-l1-1-1.dll2021-06-21 14:30:52.970 11241100x8000000000000000170640Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-libraryloader-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170639Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll2021-06-21 14:30:52.970 11241100x8000000000000000170638Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170637Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-kernel32-legacy-l1-1-1.dll2021-06-21 14:30:52.970 11241100x8000000000000000170636Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-kernel32-legacy-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170635Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-io-l1-1-1.dll2021-06-21 14:30:52.970 11241100x8000000000000000170634Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-io-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170633Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-interlocked-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170632Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170631Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-heap-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170630Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-handle-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170629Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-file-l2-1-1.dll2021-06-21 14:30:52.970 11241100x8000000000000000170628Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-file-l2-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170627Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-file-l1-2-1.dll2021-06-21 14:30:52.970 11241100x8000000000000000170626Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-file-l1-2-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170625Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-file-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170624Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-fibers-l1-1-1.dll2021-06-21 14:30:52.970 11241100x8000000000000000170623Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-fibers-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170622Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-errorhandling-l1-1-1.dll2021-06-21 14:30:52.970 11241100x8000000000000000170621Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-errorhandling-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170620Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-delayload-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170619Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-debug-l1-1-1.dll2021-06-21 14:30:52.970 11241100x8000000000000000170618Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-debug-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170617Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-datetime-l1-1-1.dll2021-06-21 14:30:52.955 11241100x8000000000000000170616Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-datetime-l1-1-0.dll2021-06-21 14:30:52.955 11241100x8000000000000000170615Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-console-l1-1-0.dll2021-06-21 14:30:52.955 11241100x8000000000000000170614Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-comm-l1-1-0.dll2021-06-21 14:30:52.955 11241100x8000000000000000170613Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-com-l1-1-0.dll2021-06-21 14:30:52.955 11241100x8000000000000000170612Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-base-util-l1-1-0.dll2021-06-21 14:30:52.955 11241100x8000000000000000170611Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\WimProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170610Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\VhdProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170609Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\UnattendProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170608Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\TransmogProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170607Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\SmiProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170606Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\ProvProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170605Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\OSProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170604Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\OfflineSetupProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170603Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\MsiProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170602Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\LogProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170601Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\IntlProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170600Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\ImagingProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170599Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\IBSProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170598Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\GenericProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170597Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\FolderProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170596Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\FfuProvider.dll2021-06-21 14:30:52.939 11241100x8000000000000000170595Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.939{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DmiProvider.dll2021-06-21 14:30:52.939 11241100x8000000000000000170594Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.923{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismProv.dll2021-06-21 14:30:52.923 11241100x8000000000000000170593Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localEXE2021-06-21 14:30:52.923{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismHost.exe2021-06-21 14:30:52.923 11241100x8000000000000000170592Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.923{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismCorePS.dll2021-06-21 14:30:52.923 11241100x8000000000000000170591Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.923{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismCore.dll2021-06-21 14:30:52.923 11241100x8000000000000000170590Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.923{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\CompatProvider.dll2021-06-21 14:30:52.923 11241100x8000000000000000170589Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.923{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\CbsProvider.dll2021-06-21 14:30:52.923 11241100x8000000000000000170588Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.923{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\AssocProvider.dll2021-06-21 14:30:52.923 11241100x8000000000000000170587Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.923{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\AppxProvider.dll2021-06-21 14:30:52.923 10341000x8000000000000000170586Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.720{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170585Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.720{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170584Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.689{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9313EBEB6CCC9CFD0153A56178607C92,SHA256=D84FBDF722112E3A18D99D3A61CDB13363A9A59E6B5FED6C933D9A627705852A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170583Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.689{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170582Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.689{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170581Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.673{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A145FD54AC6ADFB149FF11D4C889EA44,SHA256=34E63C7BCDAFF7EE79BE1175CE4BB5D0DFD2C92655A782E088AD76A44E44871B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170580Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.673{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=59FFDAA2545076E4EE6AD42F1712529F,SHA256=8A2A7FB37B873A0612E0CB4BC53C5659D4214A20FDDA4A0B36835833E5947FF0,IMPHASH=00000000000000000000000000000000falsetrue 17141700x8000000000000000170579Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:52.673{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900\PSHost.132687594525543645.1900.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 10341000x8000000000000000170578Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8910-00000000D001}5052C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170577Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8910-00000000D001}5052C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170576Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-A29C-60D0-8910-00000000D001}50525232C:\Windows\system32\conhost.exe{D8DCB3A2-A29C-60D0-8810-00000000D001}2016C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170575Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_afvpgqsa.jrx.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170574Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170573Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170572Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170571Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170570Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8910-00000000D001}5052C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x8000000000000000170569Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_sn45i0pb.v0g.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170568Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.642{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8810-00000000D001}2016C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170567Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.642{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A29C-60D0-8810-00000000D001}2016C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+384146|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c4809|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c4179|UNKNOWN(00007FFDBEE47F80) 154100x8000000000000000170566Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.655{D8DCB3A2-A29C-60D0-8810-00000000D001}2016C:\Windows\System32\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exe"net.exe" viewC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=C6B6DAA95CEA707F8D986D933E4A9596,SHA256=FDDC5F29F779A6EF73D70A2C551397FDEE63F549F2BCE4FE6A7AEEDC11F4F72E,IMPHASH=C41B15F592DE4589047CE5119CE87468{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 23542300x8000000000000000170565Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.642{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F600957A19FE3FC6104717798F9C474,SHA256=4D6A64E008BD440E4894D7B151E22556F28428C6DB63B5DB4DEBA202B38FEB15,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170564Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.627{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8710-00000000D001}5144C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170563Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.627{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8710-00000000D001}5144C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x8000000000000000170562Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.627{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_sn45i0pb.v0g.ps12021-06-21 14:30:52.627 10341000x8000000000000000170561Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.627{D8DCB3A2-A29C-60D0-8710-00000000D001}5144500C:\Windows\system32\conhost.exe{D8DCB3A2-A29C-60D0-8610-00000000D001}1696C:\Windows\System32\arp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170560Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170559Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170558Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170557Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170556Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042088C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8710-00000000D001}5144C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170555Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170554Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8510-00000000D001}1444C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170553Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8510-00000000D001}1444C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170552Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8410-00000000D001}5604C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170551Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8310-00000000D001}2292C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170550Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8310-00000000D001}2292C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170549Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8410-00000000D001}5604C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170548Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042088C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8610-00000000D001}1696C:\Windows\System32\arp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170547Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A29C-60D0-8610-00000000D001}1696C:\Windows\System32\arp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+384146|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c4809|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c4179|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c01b0|UNKNOWN(00007FFDBEE47C66) 154100x8000000000000000170546Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-A29C-60D0-8610-00000000D001}1696C:\Windows\System32\ARP.EXE10.0.14393.0 (rs1_release.160715-1616)TCP/IP Arp CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationarp.exe"arp" -aC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=1E065F9F13F4A59292BE9B2EC513D7A6,SHA256=CCA1F962F9435330C556F07A1745D743AD7ACAD7561C4C79420B0BF16C8E1D0A,IMPHASH=B3077D4D25C0193C09E23EF3AC7B070E{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000170545Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-A29C-60D0-8510-00000000D001}14443228C:\Windows\system32\conhost.exe{D8DCB3A2-A29C-60D0-8210-00000000D001}2632C:\Windows\System32\icacls.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170544Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-A29C-60D0-8410-00000000D001}56045304C:\Windows\system32\conhost.exe{D8DCB3A2-A29C-60D0-8110-00000000D001}4344C:\Windows\System32\icacls.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170543Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-A29C-60D0-8310-00000000D001}22926020C:\Windows\system32\conhost.exe{D8DCB3A2-A29C-60D0-8010-00000000D001}5564C:\Windows\System32\icacls.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170542Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7F10-00000000D001}3280C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170541Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7F10-00000000D001}3280C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170540Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8510-00000000D001}1444C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170539Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042088C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8410-00000000D001}5604C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170538Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170537Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8310-00000000D001}2292C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170536Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170535Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170534Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170533Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-A29C-60D0-7F10-00000000D001}32802144C:\Windows\system32\conhost.exe{D8DCB3A2-A29C-60D0-7E10-00000000D001}5904C:\Windows\System32\mountvol.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170532Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170531Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170530Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170529Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170528Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170527Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170526Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8210-00000000D001}2632C:\Windows\System32\icacls.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170525Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170524Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8110-00000000D001}4344C:\Windows\System32\icacls.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170523Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170522Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885180C:\Windows\System32\cscript.exe{D8DCB3A2-A29C-60D0-8210-00000000D001}2632C:\Windows\System32\icacls.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170521Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-A28F-60D0-4C10-00000000D001}53884172C:\Windows\System32\cscript.exe{D8DCB3A2-A29C-60D0-8110-00000000D001}4344C:\Windows\System32\icacls.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170520Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.592{D8DCB3A2-A29C-60D0-8210-00000000D001}2632C:\Windows\System32\icacls.exe10.0.14393.0 (rs1_release.160715-1616)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\System32\icacls.exe" "C:*" /grant Everyone:F /T /C /QC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=0F7E1625009A0C00A9D9809694FC5831,SHA256=0CA4AFF87EED104E2277C0E38B292CD32950DAD6A233C791F798EA75AE28DEEC,IMPHASH=03499A3871CAFF2E334ECA403D23FE9A{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 154100x8000000000000000170519Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.591{D8DCB3A2-A29C-60D0-8110-00000000D001}4344C:\Windows\System32\icacls.exe10.0.14393.0 (rs1_release.160715-1616)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\System32\icacls.exe" "Z:*" /grant Everyone:F /T /C /QC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=0F7E1625009A0C00A9D9809694FC5831,SHA256=0CA4AFF87EED104E2277C0E38B292CD32950DAD6A233C791F798EA75AE28DEEC,IMPHASH=03499A3871CAFF2E334ECA403D23FE9A{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000170518Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8010-00000000D001}5564C:\Windows\System32\icacls.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170517Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-A28F-60D0-4C10-00000000D001}53884324C:\Windows\System32\cscript.exe{D8DCB3A2-A29C-60D0-8010-00000000D001}5564C:\Windows\System32\icacls.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170516Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.591{D8DCB3A2-A29C-60D0-8010-00000000D001}5564C:\Windows\System32\icacls.exe10.0.14393.0 (rs1_release.160715-1616)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\System32\icacls.exe" "D:*" /grant Everyone:F /T /C /QC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=0F7E1625009A0C00A9D9809694FC5831,SHA256=0CA4AFF87EED104E2277C0E38B292CD32950DAD6A233C791F798EA75AE28DEEC,IMPHASH=03499A3871CAFF2E334ECA403D23FE9A{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000170515Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-7F10-00000000D001}3280C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170514Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170513Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170512Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170511Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170510Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-7E10-00000000D001}5904C:\Windows\System32\mountvol.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170509Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A29C-60D0-7E10-00000000D001}5904C:\Windows\System32\mountvol.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000170508Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.585{D8DCB3A2-A29C-60D0-7E10-00000000D001}5904C:\Windows\System32\mountvol.exe10.0.14393.0 (rs1_release.160715-1616)Mount Volume UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationMOUNTVOL.EXE"C:\Windows\System32\mountvol.exe" A: \\?\Volume{dfd6b7a8-0000-0000-0000-100000000000}\C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=E343A47AD45B4F959CA483FF84BA4922,SHA256=CE3C232D94FF7940D89F4D5F4888BD19A1E9D71BD6EC9A50715E785400C84652,IMPHASH=E94BE7B41039B13C11D44EF457A7493F{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000170507Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.564{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7D10-00000000D001}5088C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170506Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.564{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7D10-00000000D001}5088C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170505Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.564{D8DCB3A2-A29C-60D0-7D10-00000000D001}50885600C:\Windows\system32\conhost.exe{D8DCB3A2-A29C-60D0-7C10-00000000D001}5852C:\Windows\System32\mountvol.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170504Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.564{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7B10-00000000D001}1460C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170503Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.564{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7B10-00000000D001}1460C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170502Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.564{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-7D10-00000000D001}5088C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170501Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.564{D8DCB3A2-A29C-60D0-7B10-00000000D001}14604412C:\Windows\system32\conhost.exe{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170500Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170499Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170498Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170497Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170496Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-7C10-00000000D001}5852C:\Windows\System32\mountvol.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170495Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A29C-60D0-7C10-00000000D001}5852C:\Windows\System32\mountvol.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+384146|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c4809|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c4179|UNKNOWN(00007FFDBEE45717) 154100x8000000000000000170494Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.561{D8DCB3A2-A29C-60D0-7C10-00000000D001}5852C:\Windows\System32\mountvol.exe10.0.14393.0 (rs1_release.160715-1616)Mount Volume UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationMOUNTVOL.EXE"mountvol.exe"C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=E343A47AD45B4F959CA483FF84BA4922,SHA256=CE3C232D94FF7940D89F4D5F4888BD19A1E9D71BD6EC9A50715E785400C84652,IMPHASH=E94BE7B41039B13C11D44EF457A7493F{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000170493Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-7B10-00000000D001}1460C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 13241300x8000000000000000170492Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1088SetValue2021-06-21 14:30:52.548{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicyDWORD (0x00000001) 10341000x8000000000000000170491Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170490Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170489Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170488Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170487Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170486Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000170485Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.554{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Enable-WindowsOptionalFeature -Online -FeatureName SMB1ProtocolC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 13241300x8000000000000000170484Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000698) 13241300x8000000000000000170483Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-NB_Session-In-TCPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170482Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170481Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000697) 13241300x8000000000000000170480Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-NB_Session-Out-TCPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170479Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170478Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000696) 13241300x8000000000000000170477Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-SMB-In-TCPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170476Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170475Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000695) 13241300x8000000000000000170474Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-SMB-Out-TCPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170473Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170472Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000694) 13241300x8000000000000000170471Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-NB_Name-In-UDPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170470Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170469Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000693) 13241300x8000000000000000170468Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-NB_Name-Out-UDPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170467Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170466Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000692) 13241300x8000000000000000170465Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-NB_Datagram-In-UDPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170464Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170463Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000691) 13241300x8000000000000000170462Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-NB_Datagram-Out-UDPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170461Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170460Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000690) 13241300x8000000000000000170459Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-SpoolSvc-In-TCPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=RPC|App=%%SystemRoot%%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170458Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170457Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000068f) 13241300x8000000000000000170456Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-RPCSS-In-TCPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170455Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170454Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000068e) 13241300x8000000000000000170453Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-ICMP4-ERQ-Inv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|Profile=Private|Profile=Public|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170452Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170451Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000068d) 13241300x8000000000000000170450Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-ICMP4-ERQ-Outv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|Profile=Private|Profile=Public|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170449Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170448Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000068c) 13241300x8000000000000000170447Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-ICMP6-ERQ-Inv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170446Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170445Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000068b) 13241300x8000000000000000170444Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-ICMP6-ERQ-Outv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170443Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170442Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000068a) 13241300x8000000000000000170441Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-LLMNR-In-UDPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28548|Desc=@FirewallAPI.dll,-28549|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170440Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170439Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000689) 13241300x8000000000000000170438Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-LLMNR-Out-UDPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28550|Desc=@FirewallAPI.dll,-28551|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170437Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170436Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.455{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170435Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.455{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170434Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.408{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A125-60D0-0310-00000000D001}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000170433Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.392{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A125-60D0-0310-00000000D001}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000170432Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.392{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A125-60D0-0310-00000000D001}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 10341000x8000000000000000170431Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.392{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000170430Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.377{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000170429Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.377{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 10341000x8000000000000000170428Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.361{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7910-00000000D001}5812C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170427Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.361{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7910-00000000D001}5812C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170426Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.361{D8DCB3A2-A29C-60D0-7910-00000000D001}58124788C:\Windows\system32\conhost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170425Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.330{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-7910-00000000D001}5812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170424Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.330{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170423Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.330{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170422Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.330{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170421Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.330{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170420Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.330{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170419Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.330{D8DCB3A2-A28F-60D0-4C10-00000000D001}53883380C:\Windows\System32\cscript.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170418Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.334{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe10.0.14393.0 (rs1_release.160715-1616)Network Command ShellMicrosoft® Windows® Operating SystemMicrosoft Corporationnetsh.exe"C:\Windows\System32\netsh.exe" advfirewall firewall set rule group="File and Printer Sharing" new enable=YesC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=4D51BCD0B94D09F5DFB80DF754D31E28,SHA256=E5888E649C881E4BBBCE472F6808F93B2B5564D3094995A5A08E66B2406C1607,IMPHASH=51DC8B92EF1620527201E5276E21BCA7{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 13241300x8000000000000000170417Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000688) 13241300x8000000000000000170416Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-UPnPHost-In-TCPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|App=System|Name=@FirewallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170415Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}12605448C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170414Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000687) 13241300x8000000000000000170413Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-UPnPHost-Out-TCPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=2869|App=System|Name=@FirewallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170412Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}12605448C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170411Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000686) 13241300x8000000000000000170410Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-NB_Name-In-UDPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|App=System|Name=@FirewallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170409Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}12605448C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170408Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000685) 13241300x8000000000000000170407Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-NB_Name-Out-UDPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=137|App=System|Name=@FirewallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170406Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}12605448C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170405Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000684) 13241300x8000000000000000170404Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-NB_Datagram-In-UDPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|App=System|Name=@FirewallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170403Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}12605448C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170402Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000683) 13241300x8000000000000000170401Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-NB_Datagram-Out-UDPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=138|App=System|Name=@FirewallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170400Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}12605448C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170399Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000682) 13241300x8000000000000000170398Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-WSDEVNTS-In-TCPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5358|App=System|Name=@FirewallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170397Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170396Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000681) 13241300x8000000000000000170395Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-WSDEVNTS-Out-TCPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=5358|App=System|Name=@FirewallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170394Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170393Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000680) 13241300x8000000000000000170392Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-WSDEVNT-In-TCPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5357|App=System|Name=@FirewallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170391Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170390Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000067f) 13241300x8000000000000000170389Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-WSDEVNT-Out-TCPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=5357|App=System|Name=@FirewallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170388Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170387Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000067e) 13241300x8000000000000000170386Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-SSDPSrv-In-UDPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170385Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170384Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000067d) 13241300x8000000000000000170383Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-SSDPSrv-Out-UDPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170382Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170381Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000067c) 13241300x8000000000000000170380Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-UPnP-Out-TCPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170379Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170378Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000067b) 13241300x8000000000000000170377Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-FDPHOST-In-UDPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170376Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170375Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000067a) 13241300x8000000000000000170374Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-FDPHOST-Out-UDPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170373Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170372Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000679) 13241300x8000000000000000170371Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-LLMNR-In-UDPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170370Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170369Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000678) 13241300x8000000000000000170368Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-LLMNR-Out-UDPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170367Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}12605448C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170366Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000677) 13241300x8000000000000000170365Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-FDRESPUB-WSD-In-UDPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170364Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170363Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000676) 13241300x8000000000000000170362Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-FDRESPUB-WSD-Out-UDPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170361Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170360Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.173{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170359Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.173{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000170770Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.207{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50785-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000170769Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.705{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29D-60D0-8D10-00000000D001}5544C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+5112|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170768Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.689{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170767Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.689{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170766Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.689{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170765Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.689{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170764Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.689{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042088C:\Windows\system32\csrss.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170763Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.689{D8DCB3A2-A29D-60D0-8D10-00000000D001}55445780C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+660c|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170762Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.696{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A29D-60D0-8D10-00000000D001}5544C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000170761Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.689{D8DCB3A2-A29D-60D0-8D10-00000000D001}55445780C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+5112|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170760Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564952C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000170759Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564952C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000170758Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170757Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565992C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170756Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565992C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170755Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170754Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-4534-60D0-1200-00000000D001}7561088C:\Windows\System32\svchost.exe{D8DCB3A2-A29D-60D0-8D10-00000000D001}5544C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170753Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-4534-60D0-1200-00000000D001}7561088C:\Windows\System32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170752Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170751Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170750Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170749Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170748Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A29D-60D0-8D10-00000000D001}5544C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170747Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564652C:\Windows\Explorer.EXE{D8DCB3A2-A29D-60D0-8D10-00000000D001}5544C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\windows.storage.dll+94c4a|C:\Windows\System32\windows.storage.dll+94a02|C:\Windows\System32\SHELL32.dll+3f98d|C:\Windows\System32\SHELL32.dll+3e526|C:\Windows\System32\SHELL32.dll+802b1|C:\Windows\System32\SHELL32.dll+6724e|C:\Windows\System32\windows.storage.dll+11a32|C:\Windows\System32\windows.storage.dll+11729|C:\Windows\System32\windows.storage.dll+115ff|C:\Windows\System32\SHELL32.dll+80337|C:\Windows\System32\SHELL32.dll+6724e|C:\Windows\System32\SHLWAPI.dll+e1f7 154100x8000000000000000170746Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.672{D8DCB3A2-A29D-60D0-8D10-00000000D001}5544C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 10341000x8000000000000000170745Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170744Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170743Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170742Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170741Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.486{D8DCB3A2-A29D-60D0-8C10-00000000D001}34801992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 23542300x8000000000000000170740Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.439{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D16E6FE95CECA01A20FD524A48285C2,SHA256=69E2AB41F8C069DBFBF5B4FFC1DBA8BE4481F90CC37334A46C9D8B79066F476C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170739Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.392{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8C10-00000000D001}3480C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170738Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.392{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170737Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.392{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170736Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.392{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170735Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.392{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170734Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.392{D8DCB3A2-4532-60D0-0500-00000000D001}408524C:\Windows\system32\csrss.exe{D8DCB3A2-A29D-60D0-8C10-00000000D001}3480C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170733Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.392{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8C10-00000000D001}3480C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+36349|c:\windows\system32\rpcss.dll+3bb32|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170732Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.390{D8DCB3A2-A29D-60D0-8C10-00000000D001}3480C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe10.0.14393.4222 (rs1_release.210113-1739)Windows Modules Installer WorkerMicrosoft® Windows® Operating SystemMicrosoft CorporationTiWorker.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=1571A4132449A317F66DF783E9468783,SHA256=5CFF48937FAE7F0CF5935248959141E2A60E88FE8105C43676B866FDAC36ADD2,IMPHASH=38FF53C1CCC1EE4C508C0F83A88C4E19{D8DCB3A2-4533-60D0-0C00-00000000D001}828C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x8000000000000000170731Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.377{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170730Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4532-60D0-0A00-00000000D001}6162812C:\Windows\system32\services.exe{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170729Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170728Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170727Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170726Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170725Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170724Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4532-60D0-0A00-00000000D001}616708C:\Windows\system32\services.exe{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d3ee|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170723Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.369{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exe10.0.14393.3564 (rs1_release.200303-1942)Windows Modules InstallerMicrosoft® Windows® Operating SystemMicrosoft CorporationTrustedInstaller.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=187076E4BC7B2F5FB7D54D1234B3CDEA,SHA256=7AE4CC64E2F0E5C58ABB6542233DA78B9AEAAD22C9D853AB96265EF3FBFEFABE,IMPHASH=648F735E453FC6802BFAECAC5ACA72A4{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x8000000000000000170722Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170721Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170720Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170719Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170718Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.283{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=5DB0F197785408DE9F362CC1B04242BE,SHA256=1DDE7451A445A78DB3CF91A921F2795CB048073C4ED86C63D9DB9447F66EEA38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170717Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.283{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=C2EAA904A76124AA22F8B0DB6FBB8F93,SHA256=E8982CFB219D6F66D5230354A9E73BED174917251F1A9734DCA3C923577533BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170716Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.080{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FED2D6D6D997E1576A28E7DF33517677,SHA256=692CC8D0110ED64AE2D04E571A123913BD0C8C4179551F4C9BA3738A4E1B25B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170715Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.049{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D41450471D3438B33A335DFA05FAE70B,SHA256=50ABF025D2F3085373FDDDE44E158DE1D7A52DB95AC00F04166366F0E376B5BD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170714Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.033{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8A10-00000000D001}4184C:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\dismhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170713Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.033{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A29D-60D0-8A10-00000000D001}4184C:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\dismhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170712Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.033{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170711Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.033{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170710Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.033{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170709Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.033{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170708Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.033{D8DCB3A2-A29C-60D0-7A10-00000000D001}19005028C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{D8DCB3A2-A29D-60D0-8A10-00000000D001}4184C:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\dismhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\SYSTEM32\Dism\DismCore.dll+273f6|C:\Windows\SYSTEM32\Dism\DismCore.dll+8eaa|C:\Windows\SYSTEM32\Dism\DismCore.dll+58d4|C:\Windows\SYSTEM32\dismapi.dll+55381|C:\Windows\SYSTEM32\dismapi.dll+2c46a|C:\Windows\SYSTEM32\dismapi.dll+25f06|C:\Windows\SYSTEM32\dismapi.dll+24ceb|C:\Windows\SYSTEM32\dismapi.dll+2466f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170707Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.034{D8DCB3A2-A29D-60D0-8A10-00000000D001}4184C:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismHost.exe10.0.14393.4169 (rs1_release.210107-1130)Dism Host Servicing ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationDismHost.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\dismhost.exe {4CC5A7BB-BA1F-444D-9C0B-A1AD590AF8AC}C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=A59C22B77871CC18970038B7FA43826F,SHA256=CB84B51713BAD689ABB96560E57A71B276D4B28B1C09C7116EE85F5782A1B144,IMPHASH=734010D3430DBD2CA51B599924FE1424{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol 11241100x8000000000000000170706Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-winsvc-l1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170705Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-private-l1-1-1.dll2021-06-21 14:30:53.017 11241100x8000000000000000170704Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-private-l1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170703Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-management-l2-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170702Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-management-l1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170701Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-core-l1-1-1.dll2021-06-21 14:30:53.017 11241100x8000000000000000170700Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-core-l1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170699Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-security-sddl-l1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170698Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-security-provider-L1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170697Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-security-lsapolicy-l1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170696Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Security-Lsalookup-L2-1-1.dll2021-06-21 14:30:53.017 11241100x8000000000000000170695Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Security-Lsalookup-L2-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170694Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-security-cryptoapi-l1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170693Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-security-base-l1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170692Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-EventLog-Legacy-L1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170691Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Eventing-Provider-L1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170690Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Eventing-Legacy-L1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170689Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Eventing-Controller-L1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170688Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-eventing-consumer-l1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170687Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170686Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-devices-config-L1-1-1.dll2021-06-21 14:30:53.002 11241100x8000000000000000170685Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-devices-config-L1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170684Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-xstate-l2-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170683Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-xstate-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170682Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-wow64-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170681Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-version-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170680Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-util-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170679Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-url-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170678Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-timezone-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170677Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-threadpool-private-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170676Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-threadpool-legacy-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170675Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-threadpool-l1-2-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170674Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-sysinfo-l1-2-1.dll2021-06-21 14:30:53.002 11241100x8000000000000000170673Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-sysinfo-l1-2-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170672Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-sysinfo-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170671Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-synch-l1-2-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170670Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-synch-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170669Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-stringloader-l1-1-1.dll2021-06-21 14:30:53.002 11241100x8000000000000000170668Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-stringansi-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170667Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-string-obsolete-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170666Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-string-l2-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170665Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-string-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170664Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-shutdown-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170663Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170662Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-shlwapi-legacy-l1-1-0.dll2021-06-21 14:30:52.986 10341000x8000000000000000170796Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.986{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170795Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.986{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170794Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.971{D8DCB3A2-A29D-60D0-8E10-00000000D001}43884472C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170793Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.971{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170792Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.971{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170791Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.971{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170790Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.971{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042088C:\Windows\system32\csrss.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170789Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.971{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170788Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.971{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885196C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+25e534|C:\Program Files\Mozilla Firefox\xul.dll+1215769|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170787Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.979{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4388.0.525549771\900183314" -parentBuildID 20210614221319 -prefsHandle 1492 -prefMapHandle 1484 -prefsLen 1 -prefMapSize 238512 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4388 "\\.\pipe\gecko-crash-server-pipe.4388" 1540 gpuC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000170786Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:54.971{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.0.52554977C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170785Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:54.971{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\gecko-crash-server-pipe.4388C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170784Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.939{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000170783Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.923{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000170782Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.923{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000170781Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.892{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\cookies.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170780Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.845{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\parent.lockMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170779Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.798{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170778Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.798{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170777Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.798{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000170776Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.652{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-385.attackrange.local138netbios-dgmfalse10.0.1.14win-dc-385.attackrange.local138netbios-dgm 13241300x8000000000000000170775Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localTamper-WinlogonSetValue2021-06-21 14:30:54.767{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exeHKLM\System\CurrentControlSet\Control\Winlogon\Notifications\Components\TrustedInstaller\Events(Empty) 13241300x8000000000000000170774Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localTamper-WinlogonSetValue2021-06-21 14:30:54.627{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exeHKLM\System\CurrentControlSet\Control\Winlogon\Notifications\Components\TrustedInstaller\EventsCreateSession 23542300x8000000000000000170773Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.470{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=584F9A378B48A22822BE4CDC41E6FE91,SHA256=BCC28505B56781E651C65613578DCCEB3577C511BF642178CEC7DB25C08E55CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170772Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.392{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=0750BFE61C8E818D32144E19C520C21F,SHA256=44087E7F25CC0FB19E163F7A70BC7B53A1BF579B4FF6CCE9D940C2D2C8A73EC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170771Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.048{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A145FD54AC6ADFB149FF11D4C889EA44,SHA256=34E63C7BCDAFF7EE79BE1175CE4BB5D0DFD2C92655A782E088AD76A44E44871B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171020Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.990{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=39024D660220B7CD3962EC3C48A022D0,SHA256=036B866208AE5C2FA243A3F3B019A00D9F3457D30BCE895CD14BC3BBBD0E03BC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171019Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.921{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 10341000x8000000000000000171018Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.921{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 10341000x8000000000000000171017Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.890{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+16b4912|C:\Program Files\Mozilla Firefox\xul.dll+1698773|C:\Program Files\Mozilla Firefox\xul.dll+179446d|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841 10341000x8000000000000000171016Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.890{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 10341000x8000000000000000171015Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.890{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 354300x8000000000000000171014Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.838{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcpfalsefalse127.0.0.1-50788-false127.0.0.1-50787- 354300x8000000000000000171013Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.838{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse127.0.0.1-50788-false127.0.0.1-50787- 354300x8000000000000000171012Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.332{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50786-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 354300x8000000000000000171011Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.332{D8DCB3A2-4544-60D0-2700-00000000D001}2860C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50786-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 23542300x8000000000000000171010Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.870{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A3870BE59E783BA9D0FA4BBCA2C1AD4,SHA256=E217E18260C70D7ED5BDDEFE813F5FF167DDDA580AD60D6911C2F213475DAD1E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171009Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000171008Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000171007Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000171006Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000171005Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000171004Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000171003Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000171002Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000171001Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000171000Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000170999Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.822{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000170998Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.822{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000170997Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.822{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000170996Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.822{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000170995Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.822{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000170994Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.822{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000170993Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.822{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000170992Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.806{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170991Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.774{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885244C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+121816c|C:\Program Files\Mozilla Firefox\xul.dll+1321541|C:\Program Files\Mozilla Firefox\xul.dll+1f85e1|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+4117c|C:\Program Files\Mozilla Firefox\xul.dll+3f5ef|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170990Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.753{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 18141800x8000000000000000170989Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.753{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.19.201220929C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170988Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.753{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.18.180179091C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170987Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.753{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.17.52600894C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170986Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.753{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.15.81224850C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170985Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.753{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.16.124321088C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170984Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.753{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.14.49076790C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170983Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.737{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.6076.3.214579641C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170982Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.737{D8DCB3A2-A29F-60D0-9110-00000000D001}6076\chrome.6076.3.214579641C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170981Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.737{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170980Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.737{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000170979Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.722{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.6076.2.18111847C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170978Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.722{D8DCB3A2-A29F-60D0-9110-00000000D001}6076\chrome.6076.2.18111847C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170977Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.722{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.6076.1.11314706C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170976Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.722{D8DCB3A2-A29F-60D0-9110-00000000D001}6076\chrome.6076.1.11314706C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170975Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.722{D8DCB3A2-A29F-60D0-9110-00000000D001}6076\chrome.6076.0.141957256C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170974Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.722{D8DCB3A2-A29F-60D0-9110-00000000D001}6076\chrome.6076.0.141957256C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170973Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.722{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170972Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.722{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170971Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.722{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C79B34ECC580EB27B7284F9B75BE34F,SHA256=5A1B791F065E888219DD4050E4B01DE54E220F7DEEA1EDB0F47C3201CD1F4D4D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170970Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170969Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170968Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170967Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170966Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170965Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170964Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170963Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170962Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170961Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170960Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170959Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170958Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.690{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+12e2659|C:\Program Files\Mozilla Firefox\xul.dll+29dfb84|C:\Program Files\Mozilla Firefox\xul.dll+12bdf42|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+da22ae|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000170957Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.690{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\cubeb-pipe-4388-1C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170956Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.690{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\cubeb-pipe-4388-1C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000170955Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.690{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BAB78D2F4211C4364B1FF187657A7D5,SHA256=7C5D943811910255B87816B37EC96A52C8C55597C23F14E739A1AC957A958C2F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170954Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.675{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170953Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.675{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000170952Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.675{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.13.41162526C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170951Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.675{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885256C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000170950Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.675{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\gecko-crash-server-pipe.4388C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170949Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.669{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170948Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.653{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170947Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.637{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=A3EADF5A7DFBF3636F5289D62A6883BF,SHA256=58CBC5DE1AD925AB6349C3C90A2F50B2377984131ED4A4640C21C4B2B3275BCD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170946Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170945Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 23542300x8000000000000000170944Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170943Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170942Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170941Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170940Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170939Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170938Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170937Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170936Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170935Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170934Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 23542300x8000000000000000170933Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.606{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170932Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.606{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A16B7BA60494E9738EC1372201681242,SHA256=822A489EE825677D6FFF9E0C925EF849B71752B6E49E71D151610800151C4087,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170931Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.606{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D20D246280499A25E64A6E6A321C4F8D,SHA256=424F9316E13A117511320AECED9945C1DFFA4BCB7A6978F59A67F7FA31C7D908,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170930Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.590{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170929Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.575{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170928Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.575{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2e6ae4|C:\Program Files\Mozilla Firefox\xul.dll+46bedce|UNKNOWN(000001C79D934AE0) 10341000x8000000000000000170927Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.575{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2e6ae4|C:\Program Files\Mozilla Firefox\xul.dll+46bedce|UNKNOWN(000001C79D934AE0) 10341000x8000000000000000170926Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.572{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000170925Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.537{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.19.201220929C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170924Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.537{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.18.180179091C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170923Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.537{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305da1|C:\Program Files\Mozilla Firefox\xul.dll+1866c31|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000170922Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.537{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.17.52600894C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170921Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ca1|C:\Program Files\Mozilla Firefox\xul.dll+1866a4e|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000170920Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.16.124321088C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170919Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ba1|C:\Program Files\Mozilla Firefox\xul.dll+1866894|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000170918Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.15.81224850C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170917Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305aa1|C:\Program Files\Mozilla Firefox\xul.dll+18666d5|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000170916Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.14.49076790C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170915Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d4540|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3 10341000x8000000000000000170914Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+12b151f|C:\Program Files\Mozilla Firefox\xul.dll+1470a2d|C:\Program Files\Mozilla Firefox\xul.dll+29d44e5|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862 10341000x8000000000000000170913Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000170912Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+29d41de|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000170911Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+29d41d3|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862 10341000x8000000000000000170910Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+29d41d3|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862 10341000x8000000000000000170909Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+29d4155|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba 10341000x8000000000000000170908Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43884472C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170907Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170906Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170905Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170904Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170903Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170902Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885196C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+4325b|C:\Program Files\Mozilla Firefox\firefox.exe+24808|C:\Program Files\Mozilla Firefox\xul.dll+cff80a|C:\Program Files\Mozilla Firefox\xul.dll+12158e4|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170901Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.529{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4388.13.411625263\321067842" -childID 2 -isForBrowser -prefsHandle 3328 -prefMapHandle 3324 -prefsLen 6104 -prefMapSize 238512 -parentBuildID 20210614221319 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4388 "\\.\pipe\gecko-crash-server-pipe.4388" 3232 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2LowMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000170900Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.506{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.13.41162526C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000170899Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.506{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170898Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.506{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170897Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.506{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170896Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.408{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f85e|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2df4450|C:\Program Files\Mozilla Firefox\xul.dll+37af281|C:\Program Files\Mozilla Firefox\xul.dll+37aedf2|C:\Program Files\Mozilla Firefox\xul.dll+151bb3c|C:\Program Files\Mozilla Firefox\xul.dll+151b5be|C:\Program Files\Mozilla Firefox\xul.dll+252dca|C:\Program Files\Mozilla Firefox\xul.dll+288621|C:\Program Files\Mozilla Firefox\xul.dll+e59810 10341000x8000000000000000170895Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.408{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f837|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2df4450|C:\Program Files\Mozilla Firefox\xul.dll+37af281|C:\Program Files\Mozilla Firefox\xul.dll+37aedf2|C:\Program Files\Mozilla Firefox\xul.dll+151bb3c|C:\Program Files\Mozilla Firefox\xul.dll+151b5be|C:\Program Files\Mozilla Firefox\xul.dll+252dca|C:\Program Files\Mozilla Firefox\xul.dll+288621|C:\Program Files\Mozilla Firefox\xul.dll+e59810 10341000x8000000000000000170894Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.408{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f80c|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2df4450|C:\Program Files\Mozilla Firefox\xul.dll+37af281|C:\Program Files\Mozilla Firefox\xul.dll+37aedf2|C:\Program Files\Mozilla Firefox\xul.dll+151bb3c|C:\Program Files\Mozilla Firefox\xul.dll+151b5be|C:\Program Files\Mozilla Firefox\xul.dll+252dca|C:\Program Files\Mozilla Firefox\xul.dll+288621|C:\Program Files\Mozilla Firefox\xul.dll+e59810 10341000x8000000000000000170893Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.408{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170892Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.408{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885244C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+121816c|C:\Program Files\Mozilla Firefox\xul.dll+1321541|C:\Program Files\Mozilla Firefox\xul.dll+1f85e1|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+4117c|C:\Program Files\Mozilla Firefox\xul.dll+3f5ef|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000170891Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.12.54294924C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170890Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.11.25263314C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170889Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.10.166740878C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170888Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.8.30396275C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170887Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.9.108104756C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170886Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.7.117011890C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170885Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.392{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170884Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.392{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170883Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+12e2659|C:\Program Files\Mozilla Firefox\xul.dll+29dfb84|C:\Program Files\Mozilla Firefox\xul.dll+12bdf42|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+da22ae|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000170882Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\cubeb-pipe-4388-0C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170881Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\cubeb-pipe-4388-0C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170880Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.108.3.182427386C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170879Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.392{D8DCB3A2-A29F-60D0-9010-00000000D001}108\chrome.108.3.182427386C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170878Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.392{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170877Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.377{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000170876Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.377{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.108.2.51242058C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170875Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.377{D8DCB3A2-A29F-60D0-9010-00000000D001}108\chrome.108.2.51242058C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170874Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.377{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.108.1.41364609C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170873Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.377{D8DCB3A2-A29F-60D0-9010-00000000D001}108\chrome.108.1.41364609C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170872Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.377{D8DCB3A2-A29F-60D0-9010-00000000D001}108\chrome.108.0.140206045C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170871Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.377{D8DCB3A2-A29F-60D0-9010-00000000D001}108\chrome.108.0.140206045C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170870Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.361{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170869Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.361{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170868Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.330{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 10341000x8000000000000000170867Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.330{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 10341000x8000000000000000170866Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.330{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+17a392|UNKNOWN(000001C79D933DFF) 10341000x8000000000000000170865Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.330{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+f722a|C:\Program Files\Mozilla Firefox\xul.dll+3b429f8|C:\Program Files\Mozilla Firefox\xul.dll+147941|C:\Program Files\Mozilla Firefox\xul.dll+147898|C:\Program Files\Mozilla Firefox\xul.dll+146c2ee|C:\Program Files\Mozilla Firefox\xul.dll+13f72f|C:\Program Files\Mozilla Firefox\xul.dll+199f0a1|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+150682|C:\Program Files\Mozilla Firefox\xul.dll+3c3440c|C:\Program Files\Mozilla Firefox\xul.dll+3b256af|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+14a4c90 10341000x8000000000000000170864Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.330{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170863Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.330{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000170862Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.330{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.6.140074599C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170861Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.314{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885256C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000170860Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.314{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\gecko-crash-server-pipe.4388C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170859Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.283{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2bbef01|C:\Program Files\Mozilla Firefox\xul.dll+2bbee09|C:\Program Files\Mozilla Firefox\xul.dll+2c83ac5|C:\Program Files\Mozilla Firefox\xul.dll+2c80a8c|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084 10341000x8000000000000000170858Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.283{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 10341000x8000000000000000170857Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.283{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565796C:\Windows\Explorer.EXE{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170856Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.267{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170855Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.267{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170854Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.267{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170853Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.267{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170852Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.252{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000170851Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.12.54294924C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170850Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.236{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420\chrome.5420.0.205493087C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170849Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.236{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420\chrome.5420.0.205493087C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170848Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.11.25263314C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170847Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305da1|C:\Program Files\Mozilla Firefox\xul.dll+1866c31|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 17141700x8000000000000000170846Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.10.166740878C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170845Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ca1|C:\Program Files\Mozilla Firefox\xul.dll+1866a4e|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 17141700x8000000000000000170844Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.9.108104756C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170843Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ba1|C:\Program Files\Mozilla Firefox\xul.dll+1866894|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 17141700x8000000000000000170842Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.8.30396275C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170841Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305aa1|C:\Program Files\Mozilla Firefox\xul.dll+18666d5|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 17141700x8000000000000000170840Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.7.117011890C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170839Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d4540|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed|C:\Program Files\Mozilla Firefox\xul.dll+3b146d4|C:\Program Files\Mozilla Firefox\xul.dll+1055ba 10341000x8000000000000000170838Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+12b151f|C:\Program Files\Mozilla Firefox\xul.dll+1470a2d|C:\Program Files\Mozilla Firefox\xul.dll+29d44e5|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed 10341000x8000000000000000170837Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000170836Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+29d41de|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed|C:\Program Files\Mozilla Firefox\xul.dll+3b146d4 10341000x8000000000000000170835Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.220{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+29d41d3|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed 10341000x8000000000000000170834Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.220{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+29d4155|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed|C:\Program Files\Mozilla Firefox\xul.dll+3b146d4|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1076ed 10341000x8000000000000000170833Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.220{D8DCB3A2-A29D-60D0-8E10-00000000D001}43884472C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170832Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.220{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170831Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.220{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170830Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.220{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170829Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.220{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170828Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.220{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170827Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.220{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885196C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+4325b|C:\Program Files\Mozilla Firefox\firefox.exe+24808|C:\Program Files\Mozilla Firefox\xul.dll+cff80a|C:\Program Files\Mozilla Firefox\xul.dll+12158e4|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170826Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.224{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4388.6.1400745994\2030650508" -childID 1 -isForBrowser -prefsHandle 2084 -prefMapHandle 2080 -prefsLen 515 -prefMapSize 238512 -parentBuildID 20210614221319 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4388 "\\.\pipe\gecko-crash-server-pipe.4388" 2096 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2LowMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000170825Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.205{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.6.140074599C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170824Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f85e|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f 10341000x8000000000000000170823Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f837|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f 10341000x8000000000000000170822Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f80c|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f 18141800x8000000000000000170821Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.4.152412275C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170820Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.5.76138571C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170819Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+130565f|C:\Program Files\Mozilla Firefox\xul.dll+1865196|C:\Program Files\Mozilla Firefox\xul.dll+57ee7f|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0 17141700x8000000000000000170818Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.5.76138571C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170817Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+13054bf|C:\Program Files\Mozilla Firefox\xul.dll+1864ff1|C:\Program Files\Mozilla Firefox\xul.dll+57ee77|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0 17141700x8000000000000000170816Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.4.152412275C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170815Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.3.90938915C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170814Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+130531f|C:\Program Files\Mozilla Firefox\xul.dll+1864dea|C:\Program Files\Mozilla Firefox\xul.dll+57ee6f|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0 17141700x8000000000000000170813Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.3.90938915C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170812Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.142{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420\chrome.4388.1.20324401C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000170811Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.033{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170810Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.033{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+1282d98|C:\Program Files\Mozilla Firefox\xul.dll+13053ef|C:\Program Files\Mozilla Firefox\xul.dll+186537b|C:\Program Files\Mozilla Firefox\xul.dll+1863986|C:\Program Files\Mozilla Firefox\xul.dll+1192d84|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000170809Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.033{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.2.82172962C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170808Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.033{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.2.82172962C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170807Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.033{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.1.20324401C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170806Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.002{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170805Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.002{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170804Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.002{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170803Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.002{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170802Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.002{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170801Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.002{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170800Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.002{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000170799Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.002{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420\chrome.4388.0.52554977C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170798Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.002{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885256C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000170797Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.002{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420\gecko-crash-server-pipe.4388C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000171136Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.676{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.255ip-10-0-1-255.eu-central-1.compute.internal137netbios-nsfalse10.0.1.14win-dc-385.attackrange.local137netbios-ns 354300x8000000000000000171135Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.676{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-385.attackrange.local137netbios-nsfalse10.0.1.255ip-10-0-1-255.eu-central-1.compute.internal137netbios-ns 354300x8000000000000000171134Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.481{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50792-false143.204.98.36server-143-204-98-36.fra50.r.cloudfront.net443https 354300x8000000000000000171133Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.428{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50791-false34.107.221.8282.221.107.34.bc.googleusercontent.com80http 354300x8000000000000000171132Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.409{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50790-false13.224.195.103server-13-224-195-103.fra2.r.cloudfront.net443https 354300x8000000000000000171131Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.394{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50789-false34.107.221.8282.221.107.34.bc.googleusercontent.com80http 23542300x8000000000000000171130Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.889{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171129Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.805{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d8e0d7|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed 10341000x8000000000000000171128Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.805{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 10341000x8000000000000000171127Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.805{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d8e0d7|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed 10341000x8000000000000000171126Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.805{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 23542300x8000000000000000171125Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.705{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61CF2EE02A1711A497FBA9C557A2532E,SHA256=2BD5C81877B1D3D905343BF2311022B5063AB3BF35C6FB26F2130C7656498B54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171124Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.590{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5F6A3182B048D81DFE57CD71EE1B57A8,SHA256=CCCA7C74D66468F1BF5F3035FB52F9BC0400B6195F496DA5774349367074DAF2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171123Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.574{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885244C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+121816c|C:\Program Files\Mozilla Firefox\xul.dll+1321541|C:\Program Files\Mozilla Firefox\xul.dll+1f85e1|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+4117c|C:\Program Files\Mozilla Firefox\xul.dll+3f5ef|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000171122Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.574{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.26.94703991C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171121Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.574{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.25.153038511C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171120Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.574{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.24.75302786C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171119Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.574{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.22.118835346C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171118Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.574{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.23.77036058C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171117Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.574{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.21.100376671C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171116Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.572{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171115Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.571{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000171114Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.552{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.5192.2.87329775C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171113Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.552{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192\chrome.5192.2.87329775C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171112Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.552{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.5192.1.66162711C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171111Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.552{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192\chrome.5192.1.66162711C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171110Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.552{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192\chrome.5192.0.40060852C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171109Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.552{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192\chrome.5192.0.40060852C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171108Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.552{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171107Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.552{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171106Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.521{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+12e2659|C:\Program Files\Mozilla Firefox\xul.dll+29dfb84|C:\Program Files\Mozilla Firefox\xul.dll+12bdf42|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+da22ae|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000171105Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.521{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\cubeb-pipe-4388-2C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171104Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.521{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\cubeb-pipe-4388-2C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171103Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.521{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171102Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.521{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000171101Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.505{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.20.53120032C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171100Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.505{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885256C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000171099Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.505{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\gecko-crash-server-pipe.4388C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000171098Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.421{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\search.json.mozlz4MD5=EDC2299EBA84E99AF7C7438ECB7A6CF4,SHA256=CF230F5192B5F53B410CB948B49A0BE09FAD7E80B9125E0D4F348C12C12BC9B2,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000171097Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.084{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388cs9.wac.phicdn.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171096Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.084{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388cs9.wac.phicdn.net093.184.220.29;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171095Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.492{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388d2nxq2uap88usk.cloudfront.net02600:9000:21f3:1a00:a:da5e:7900:93a1;2600:9000:21f3:600:a:da5e:7900:93a1;2600:9000:21f3:ae00:a:da5e:7900:93a1;2600:9000:21f3:f600:a:da5e:7900:93a1;2600:9000:21f3:2e00:a:da5e:7900:93a1;2600:9000:21f3:4c00:a:da5e:7900:93a1;2600:9000:21f3:c00:a:da5e:7900:93a1;2600:9000:21f3:7e00:a:da5e:7900:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171094Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.492{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388d2nxq2uap88usk.cloudfront.net0143.204.98.30;143.204.98.118;143.204.98.120;143.204.98.36;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171093Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.420{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388example.org0::ffff:93.184.216.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171092Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.420{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388example.org093.184.216.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171091Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.404{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388prod.detectportal.prod.cloudops.mozgcp.net02600:1901:0:38d7::;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171090Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.404{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388prod.detectportal.prod.cloudops.mozgcp.net034.107.221.82;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171089Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.399{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388detectportal.firefox.com0type: 5 detectportal.prod.mozaws.net;type: 5 prod.detectportal.prod.cloudops.mozgcp.net;::ffff:34.107.221.82;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000171088Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.334{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35BB00CF8863594F0F58584DD7FACB97,SHA256=E5B4D210B8C72C15F106C10FCE3C1951294F2833314E9AF2B802BE40E3C8F6D2,IMPHASH=00000000000000000000000000000000falsetrue 17141700x8000000000000000171087Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.26.94703991C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171086Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.25.153038511C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171085Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305da1|C:\Program Files\Mozilla Firefox\xul.dll+1866c31|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000171084Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.24.75302786C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171083Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ca1|C:\Program Files\Mozilla Firefox\xul.dll+1866a4e|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000171082Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.23.77036058C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171081Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ba1|C:\Program Files\Mozilla Firefox\xul.dll+1866894|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000171080Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.22.118835346C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171079Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305aa1|C:\Program Files\Mozilla Firefox\xul.dll+18666d5|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000171078Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.21.100376671C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171077Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d4540|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171076Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+12b151f|C:\Program Files\Mozilla Firefox\xul.dll+1470a2d|C:\Program Files\Mozilla Firefox\xul.dll+29d44e5|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468 10341000x8000000000000000171075Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171074Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171073Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171072Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171071Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171070Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171069Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171068Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171067Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171066Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171065Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171064Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171063Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171062Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+29d41de|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000171061Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+29d4155|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171060Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43884472C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171059Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171058Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171057Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171056Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171055Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171054Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885196C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+4325b|C:\Program Files\Mozilla Firefox\firefox.exe+24808|C:\Program Files\Mozilla Firefox\xul.dll+cff80a|C:\Program Files\Mozilla Firefox\xul.dll+12158e4|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000171053Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.226{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4388.20.531200329\113393117" -childID 3 -isForBrowser -prefsHandle 4204 -prefMapHandle 4184 -prefsLen 6917 -prefMapSize 238512 -parentBuildID 20210614221319 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4388 "\\.\pipe\gecko-crash-server-pipe.4388" 4200 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2LowMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000171052Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.205{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.20.53120032C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171051Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.205{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171050Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.205{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171049Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.174{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171048Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.174{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000171047Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.106{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171046Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.037{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\pending_pings\e949ef59-e3d7-4873-b805-d4d1aef26ebbMD5=18B508D63FDED2D8D3D3720E28BA5940,SHA256=3E7B900CA187BE21BC73F51078452054E04A34A0F2183E28E4829B4D6C742020,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171045Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.037{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=77A895D09F00FD30850DCA1795F8D9CB,SHA256=6546EA4F410FF641D7BCD85F70903CDD7B7F1FAF69B359D4A87884BFEC45A53C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171044Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.037{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=8D04A007038C517E12D2A3A155CB873E,SHA256=230B381EEE810F702DD0A2C3C10231D6517754F968C39B40C99EBF0925117478,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171043Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.037{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=180B8A548F6695537D39A32C46B23BFE,SHA256=3E6E48F1CB6E91520CB8FCED93EC4DAD32001A1B8A06E3B2A8731C72665E05DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171042Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.037{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=6F6E29360BF1A2D5EA155085DA776917,SHA256=34C888A32976E0B19E5BF3AB0E989965EABD5CD7B23CDCA8AE34A3112D3E33DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171041Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.037{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=ED0557A16E8EDC32F0AFB02B33060BB7,SHA256=21E66AED8EB48F57A4615A3A11D6A6DFA97B653494F124D20CE2185972D3D8DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171040Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.037{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=4704D4FBBF3AC2FF97F5FDBFCA992B9D,SHA256=7A2BDF9A12B9786249E102D893BFD9150CDDE1EC5007378FBD62204E5353198D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171039Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.037{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=3704D2CEE9582C090BC14D6EC5B5EEAE,SHA256=2702235FCCA180D7857EB945E1C95C3952AC62E9653E123A35CFE58D4708B2E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171038Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.037{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=5EBD93E146DA9ABCD15FAB881EB3DF5B,SHA256=8649D00A63787EB8BBB9785F7578BE17591C87FF51474E78F490A1314BA84A6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171037Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.021{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=47136102AF77FC92ADA2560E4FBC7353,SHA256=79DEDCA063136254BFBE870B2EDBDE3385D41AA88461334D5BCDD3B0D4137D4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171036Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.021{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=AB960C6C44172091B7E6A6462D9E7E83,SHA256=C472AA9404D95303C83D9A99494BDA02375565B08D7CE663FF780D42D0FA37AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171035Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.021{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=CCD58D13FE3820CC45BA4EC7647B0D66,SHA256=42EE288200B7B906ADF5C90497F4B5CA5869ECC8A599F4A41193A529DB675432,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171034Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.021{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=064E21E3D48EB04E3F0B8D0EA7C472D0,SHA256=EB84E44998F6432118A27656DDD72E4B3FC6FE055C532D0F63F1059FC4C8D207,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171033Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.021{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=EE1BCEA2ACBA48C4D2DCD3C95FF488FC,SHA256=3CADDE61ABA9C222F0406C2863FBDFD69BEB2B1B7027EDF8F5B629FA3F359DDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171032Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.021{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\ProgramData\Mozilla\updates\308046B0AF4A39CB\update-config.jsonMD5=7ABFFE156CFCF61314ACF60B8B8CADE8,SHA256=D33B384DA2A6542D3F4892AAE6CAFCB2B769D867533F71EBF28DACA82EF68CAA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171031Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.021{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171030Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.021{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000171029Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.021{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=84A6EADFA600A42B42BF7670122E89FF,SHA256=04B081304CA50D258229B43264318F346E86C2C7CAFB3E0A18A35BD53F174715,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171028Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.006{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=F9541488B06D8344ABA622D53535F362,SHA256=9BC4BEF9CECE3E61F1146A3A41EBD0E6B775FA0320CCA3F785718C3648725912,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171027Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.006{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=29F8E682886A3A7574E0C517B9346E01,SHA256=0883F66CC98594C36FAB0644F84EC2B3DE32536D103090DB88C732510765220A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171026Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.006{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=2EDC4FD01C36391A3A5ED7E78D2926A7,SHA256=C2DC9F6DFF403BF669B1CCF8BE66D19934E33C3AC3F6EA1FF6FF4928CC512248,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171025Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.006{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=5D1AE3BF8BCD0E61CEB45F7709D4B405,SHA256=B99D82B45A08847C745D571A688FB069BBDE866542CD877245EAE7F802094F04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171024Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.006{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=B86BF9823EAE55EA887B9BB75DD489B2,SHA256=A31AC1A8FAD69ECFD541B691870903D1C3027E01EF0CF94AFB0AEF30C3C7F84E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171023Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.006{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=AB960C6C44172091B7E6A6462D9E7E83,SHA256=C472AA9404D95303C83D9A99494BDA02375565B08D7CE663FF780D42D0FA37AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171022Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.006{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=352D5B9397327AF25C6C8BA6A4A0047F,SHA256=F4CF3AAFA3E4AB5F5119434351B581602A60EFCF331B9B99063AA51EF72B8F94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171021Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.006{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=7213E06C4380CCE4A456DF6F55471C9E,SHA256=2CF73A796040717B1F71488A88C76078CFA20BCBF33ABAA98C7473B4DE7A5A56,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171149Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:57.872{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d8e0d7|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df 10341000x8000000000000000171148Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:57.872{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 23542300x8000000000000000171147Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:57.719{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C08C582A3E7F85B2E09FCC9931DDCD9,SHA256=06AE28E7B457BA02EF39C08E0266588CFEC413CBAC42670FFBC6BE60629258D1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171146Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:57.470{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171145Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:57.451{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171144Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:57.451{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 22542200x8000000000000000171143Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.090{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388www.wikipedia.org10054-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171142Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.090{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388www.reddit.com10054-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171141Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.089{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388www.facebook.com10054-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171140Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.089{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388www.youtube.com10054-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171139Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.089{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388www.ebay.de10054-C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000171138Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.073{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50794-false93.184.220.29-80http 354300x8000000000000000171137Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.923{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50793-false44.238.3.246ec2-44-238-3-246.us-west-2.compute.amazonaws.com443https 10341000x8000000000000000171190Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.966{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000171189Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.966{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000171188Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.966{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 23542300x8000000000000000171187Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.949{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44AFC024024C394AA974152CDF76DA0F,SHA256=9889BFD981E38868156309E9DC8F67EB9CC17DB2B39D491058A8D42F9F5C44AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171186Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.934{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\formhistory.sqlite-journalMD5=8D239EEAF98B11D8551F3315F54EE149,SHA256=0BCD7745BA7E622C2D0D00ED4268ED46D62D947063CCBF5AA1EDE5B059870B1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171185Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.918{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\formhistory.sqlite-journalMD5=CE5B6A5BAF59042A50E079901BDD80C0,SHA256=AE27598E0758BCE15DA0467FFEC159B3966F25D1D452FE4235465B678820ACF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171184Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.469{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=AACFE92693223DFE96A6312FE9CE1C16,SHA256=A696E56EF03EFDDAF03F991EF25A3992D630C34E55F84D4342CED5175F6AC52F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171183Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.288{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171182Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.103{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A2A2-60D0-9810-00000000D001}5852C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171181Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.103{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2A2-60D0-9810-00000000D001}5852C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171180Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.088{D8DCB3A2-A2A2-60D0-9810-00000000D001}58526160C:\Windows\system32\conhost.exe{D8DCB3A2-A2A2-60D0-9610-00000000D001}5232C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171179Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.088{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A2A2-60D0-9710-00000000D001}2716C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171178Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.088{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2A2-60D0-9710-00000000D001}2716C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171177Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.088{D8DCB3A2-A2A2-60D0-9710-00000000D001}27166152C:\Windows\system32\conhost.exe{D8DCB3A2-A2A2-60D0-9510-00000000D001}3928C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171176Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.088{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A2A2-60D0-9410-00000000D001}4560C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171175Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.088{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2A2-60D0-9410-00000000D001}4560C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171174Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.072{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042088C:\Windows\system32\csrss.exe{D8DCB3A2-A2A2-60D0-9810-00000000D001}5852C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171173Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.072{D8DCB3A2-A2A2-60D0-9410-00000000D001}45602632C:\Windows\system32\conhost.exe{D8DCB3A2-A2A2-60D0-9310-00000000D001}4896C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171172Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.072{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A2A2-60D0-9710-00000000D001}2716C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171171Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.072{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A2A2-60D0-9610-00000000D001}5232C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171170Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.071{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171169Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.071{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171168Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.071{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171167Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.070{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171166Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.070{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A2A2-60D0-9610-00000000D001}5232C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000171165Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.070{D8DCB3A2-A2A2-60D0-9610-00000000D001}5232C:\Windows\System32\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exe"C:\Windows\System32\net.exe" use \\10.0.1.12C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=C6B6DAA95CEA707F8D986D933E4A9596,SHA256=FDDC5F29F779A6EF73D70A2C551397FDEE63F549F2BCE4FE6A7AEEDC11F4F72E,IMPHASH=C41B15F592DE4589047CE5119CE87468{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000171164Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171163Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171162Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A2A2-60D0-9510-00000000D001}3928C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171161Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171160Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171159Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A2A2-60D0-9510-00000000D001}3928C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000171158Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.063{D8DCB3A2-A2A2-60D0-9510-00000000D001}3928C:\Windows\System32\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exe"C:\Windows\System32\net.exe" use \\10.0.1.1C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=C6B6DAA95CEA707F8D986D933E4A9596,SHA256=FDDC5F29F779A6EF73D70A2C551397FDEE63F549F2BCE4FE6A7AEEDC11F4F72E,IMPHASH=C41B15F592DE4589047CE5119CE87468{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000171157Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A2A2-60D0-9410-00000000D001}4560C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171156Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171155Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171154Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171153Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171152Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.035{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A2A2-60D0-9310-00000000D001}4896C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171151Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.035{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A2A2-60D0-9310-00000000D001}4896C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000171150Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.049{D8DCB3A2-A2A2-60D0-9310-00000000D001}4896C:\Windows\System32\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exe"C:\Windows\System32\net.exe" use \\10.0.1.14C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=C6B6DAA95CEA707F8D986D933E4A9596,SHA256=FDDC5F29F779A6EF73D70A2C551397FDEE63F549F2BCE4FE6A7AEEDC11F4F72E,IMPHASH=C41B15F592DE4589047CE5119CE87468{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000171203Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.986{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171202Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.986{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 354300x8000000000000000171201Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.099{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-385.attackrange.local50796-false10.0.1.14win-dc-385.attackrange.local445microsoft-ds 354300x8000000000000000171200Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.099{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50796-false10.0.1.14win-dc-385.attackrange.local445microsoft-ds 354300x8000000000000000171199Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.036{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50795-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000171198Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.118{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171197Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.049{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1706734B9FD5C21F1BF6B5CAC1387F51,SHA256=E6631DCFB001291A17DAD20E03A6662ACF6A4317A5904E01B2FB234E201E3D76,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171196Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.033{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000171195Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.033{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000171194Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.033{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000171193Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.033{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000171192Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.033{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000171191Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.033{D8DCB3A2-45EA-60D0-9800-00000000D001}43923544C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+37dac|C:\Windows\System32\modernexecserver.dll+37d4f|C:\Windows\System32\modernexecserver.dll+375a6|C:\Windows\System32\modernexecserver.dll+1a1c4|C:\Windows\System32\modernexecserver.dll+3191d|C:\Windows\System32\modernexecserver.dll+32871|C:\Windows\System32\modernexecserver.dll+3278f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000171206Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.048{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388www.google.com10054-C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171205Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:00.017{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 23542300x8000000000000000171204Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:00.017{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA4D0794D8DCAFBA8D59C813F938372D,SHA256=C80F8D4997A95B63A36BB16F3A265FE544CA975BCFDC77355831D3133EB25FE1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171226Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.974{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000171225Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:00.235{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-385.attackrange.local137netbios-nsfalse10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal137netbios-ns 10341000x8000000000000000171224Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.437{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171223Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.406{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171222Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.361{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171221Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.350{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171220Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.247{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65 10341000x8000000000000000171219Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.247{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d 18141800x8000000000000000171218Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:01.245{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.5192.4.180781119C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171217Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:01.245{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192\chrome.5192.4.180781119C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171216Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.225{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 10341000x8000000000000000171215Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.225{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 23542300x8000000000000000171214Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.224{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\formhistory.sqlite-journalMD5=75C3F42BC760AF7B9F1E2DDAAEE6C05E,SHA256=7511CA6994CD9ED8D6D269E6FBE805DB88AD7719386ADE961E052C16229D0817,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171213Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.223{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 10341000x8000000000000000171212Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.218{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 18141800x8000000000000000171211Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:01.207{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.5192.3.37059428C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171210Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:01.207{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192\chrome.5192.3.37059428C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171209Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.207{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29f59d1|C:\Program Files\Mozilla Firefox\xul.dll+29d20cb|C:\Program Files\Mozilla Firefox\xul.dll+379aa9f|C:\Program Files\Mozilla Firefox\xul.dll+1179aa1|C:\Program Files\Mozilla Firefox\xul.dll+117cd3d|C:\Program Files\Mozilla Firefox\xul.dll+10ec5d1|C:\Program Files\Mozilla Firefox\xul.dll+1110b5c|C:\Program Files\Mozilla Firefox\xul.dll+1123281|C:\Program Files\Mozilla Firefox\xul.dll+1123189|C:\Program Files\Mozilla Firefox\xul.dll+1121feb|C:\Program Files\Mozilla Firefox\xul.dll+e582e2|C:\Program Files\Mozilla Firefox\xul.dll+d82a67|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084 23542300x8000000000000000171208Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.051{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB96034D731CBF094D316383DE1CAD5F,SHA256=9192F6B576395806FB6AE37891EFE61A93C6ABAFE8BF8C91839A46418042128D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171207Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.000{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=5C83EF112235D22676353DD70A6D9B1E,SHA256=84E2F2B5F048B9E465CBB28AC5CDA7E8F338CCD02F2BE05810DC5791C085F96B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171295Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.900{D8DCB3A2-A29D-60D0-8C10-00000000D001}3480NT AUTHORITY\SYSTEMC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\servicing\Sessions\Sessions.back.xmlMD5=EA2B0C973333A26A41089DADA25F7A34,SHA256=2EE72C852EE22D2DE8BB3314A3815442EE2A8A281A9DB62CE8BAFFC2B17F3A00,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171294Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.770{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d8e0d7|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df 10341000x8000000000000000171293Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.770{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 10341000x8000000000000000171292Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.552{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171291Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.532{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171290Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.532{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000171289Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.440{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18CC034B534D686DD5D054453B6576CB,SHA256=6D5D0344D4EB3AB81AB5FB4DE1579A334E9780090371F9177569927E79419DCB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171288Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.352{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885244C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+121816c|C:\Program Files\Mozilla Firefox\xul.dll+1321541|C:\Program Files\Mozilla Firefox\xul.dll+1f85e1|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+4117c|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000171287Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.351{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.33.87945427C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171286Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.351{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.32.185700560C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171285Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.351{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.31.91730071C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171284Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.350{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.29.57648886C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171283Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.350{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.30.107019332C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171282Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.350{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.28.126802716C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171281Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.342{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171280Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.342{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000171279Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.329{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.6384.2.200875116C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171278Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.328{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384\chrome.6384.2.200875116C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171277Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.328{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.6384.1.181598942C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171276Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.328{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384\chrome.6384.1.181598942C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171275Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.328{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384\chrome.6384.0.173976062C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171274Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.328{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384\chrome.6384.0.173976062C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171273Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.326{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171272Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.326{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171271Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.293{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+12e2659|C:\Program Files\Mozilla Firefox\xul.dll+29dfb84|C:\Program Files\Mozilla Firefox\xul.dll+12bdf42|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+da22ae|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000171270Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.293{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\cubeb-pipe-4388-3C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171269Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.293{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\cubeb-pipe-4388-3C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171268Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.282{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171267Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.281{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000171266Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.280{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.27.27211254C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171265Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.278{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885256C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000171264Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.278{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\gecko-crash-server-pipe.4388C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171263Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.237{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.33.87945427C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171262Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.32.185700560C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171261Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305da1|C:\Program Files\Mozilla Firefox\xul.dll+1866c31|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000171260Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.31.91730071C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171259Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ca1|C:\Program Files\Mozilla Firefox\xul.dll+1866a4e|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000171258Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.30.107019332C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171257Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ba1|C:\Program Files\Mozilla Firefox\xul.dll+1866894|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000171256Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.29.57648886C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171255Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305aa1|C:\Program Files\Mozilla Firefox\xul.dll+18666d5|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000171254Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.28.126802716C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171253Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d4540|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171252Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+12b151f|C:\Program Files\Mozilla Firefox\xul.dll+1470a2d|C:\Program Files\Mozilla Firefox\xul.dll+29d44e5|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468 10341000x8000000000000000171251Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171250Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171249Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171248Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171247Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171246Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171245Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171244Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171243Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171242Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171241Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171240Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171239Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171238Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.234{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+29d41de|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000171237Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.234{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+29d4155|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171236Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.234{D8DCB3A2-A29D-60D0-8E10-00000000D001}43884472C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171235Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.224{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171234Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.224{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171233Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.224{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171232Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.224{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171231Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.223{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171230Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.223{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885196C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+4325b|C:\Program Files\Mozilla Firefox\firefox.exe+24808|C:\Program Files\Mozilla Firefox\xul.dll+cff80a|C:\Program Files\Mozilla Firefox\xul.dll+12158e4|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000171229Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.223{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4388.27.272112540\165994302" -childID 4 -isForBrowser -prefsHandle 4544 -prefMapHandle 4548 -prefsLen 7137 -prefMapSize 238512 -parentBuildID 20210614221319 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4388 "\\.\pipe\gecko-crash-server-pipe.4388" 4564 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2LowMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000171228Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.215{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.27.27211254C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000171227Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.131{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD2F6ADE9DFD662DD024116992A2FDA7,SHA256=6897358BA0F40BA87395F78EE2E86ECFF6DE54E5DED44AF675885E560BE6358A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171298Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:03.546{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=C9D1FC30C0DA6123B83739E747EFB843,SHA256=A15494C5D12E7577AB9847D51942A1C0B1BD5A3A81A273F5EB73BB934B3C972F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171297Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:03.514{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE567408E9B202A1DE5671564397EC43,SHA256=272C705E54F69A5B9975171F714C2512B7BC906D465A00EB20FCEFAA9DA07D74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171296Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:03.514{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=69F709EC8364906A732B02887B02A0CE,SHA256=D5E4D03A85B1D1419E81B38CAC8DBD15598F4F26BD3F280D027AEEA9CC2E0DF6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000171300Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:03.179{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50802-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000171299Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:04.529{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C97452BD2A4F53C285C5518DD398B8AB,SHA256=CB606D5E5CF21B03A3FCB422BCE6F0D777A7E41D303658C925B7E1624796C616,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171305Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:05.559{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D4E11FCFEC0EBCD5B3043CACB82188C1,SHA256=302B7271040154E156BA942B8EE32AE2E4DB9307C2722A429B3CDE497B2A96DF,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000171304Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:03.474{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388processexplorer10054-C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171303Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:05.076{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171302Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:05.060{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171301Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:05.060{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000171307Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:06.574{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A63392E90FA7CEE8588562396B5B6F3,SHA256=05557B37E106E5925635CA72A0C49B201C70E1A29F7D66FE74DB8DA2578050D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171306Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:06.075{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=2C12E9B1CCEC2485D0FC626185E22810,SHA256=4B94E8CFC1F3A158A34FC6F80E7FCEDD7043F73E88A5FE4CAAB8702E17F2654C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171325Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.642{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171324Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.642{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171323Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.642{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=44536322E812D99485AE03498E4B4EB4,SHA256=EF1D6FC2581FC8E2399460219D787140214349A6FC8AED355CBF86461381E801,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171322Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.642{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171321Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.626{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A125-60D0-0310-00000000D001}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171320Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.626{D8DCB3A2-A29D-60D0-8E10-00000000D001}43884456C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171319Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.610{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A125-60D0-0310-00000000D001}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171318Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.610{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A125-60D0-0310-00000000D001}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 10341000x8000000000000000171317Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.609{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 23542300x8000000000000000171316Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.589{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B7770B7F1CF6BFE25EFE351E546E492,SHA256=023F2DB3C4ADA00D5F6D14A633D343A707BDDEF2784EF4BBF8546BA12063B28F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171315Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.589{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171314Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.589{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 10341000x8000000000000000171313Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.210{D8DCB3A2-A29D-60D0-8E10-00000000D001}43884456C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171312Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.106{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 10341000x8000000000000000171311Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.106{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 23542300x8000000000000000171310Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.058{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\formhistory.sqlite-journalMD5=9EAD74CCCDC9F5EF9751DFE5F1936018,SHA256=0C23551080C397CD6EB003D5441EF8E00B5FDFD831A750D8BA3BD2DF1A956E23,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171309Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.042{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d8e0d7|C:\Program Files\Mozilla Firefox\xul.dll+da2669 10341000x8000000000000000171308Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.042{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d 23542300x8000000000000000171328Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:08.641{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BECCBE881A9040AF757E037B1AEDA6C,SHA256=FEF4AD299BD4D180EB36BDB4C9895E88E221951ADF9C4A2A2B16A20B909567CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171327Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:08.607{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=E224A00C73AE6CE5548010AF91CAB75E,SHA256=4678253E838CB763D0543419283D12F3FD24B33ADC4DC67D74E7C68E7117B1A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171326Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:08.405{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmMD5=426A05CA94CAF564C0D0F6DC497AE60A,SHA256=955CC6B20EEC3DBD38C52BB058AEFF31EBB4A41A13E0D7BEBDF4410E720A647B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171329Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:09.655{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D92139A63277DFCF5A795A8671A3BC8,SHA256=80727036B9FC99A6822C9C9DA1BDAF6A2CE1207CE339352A2707DC081BB7343A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171482Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.812{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171481Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.781{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\WimProvider.dllMD5=1B0C7DFB2240BA004B37904073624DB3,SHA256=F2C7DB522DDE968EDF49B03BC10978AAC4C42C745CA4A474627E8CEBBCEBB00A,IMPHASH=20D31D66F56B810094B1AA564C92009Dtruetrue 23542300x8000000000000000171480Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.765{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\VhdProvider.dllMD5=F37C8F5BF852151D9BF085687A8DEC6D,SHA256=6CDFC95C2F2ED3695D5EE8CF4367A6C7FB5707DA3C234CEE8FA8C1BBDE426DE7,IMPHASH=3CA997A1A0BD38B850B18DAED5E948DEtruetrue 23542300x8000000000000000171479Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.765{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\UnattendProvider.dllMD5=3DB4777B76FC1973A61754FAEC348981,SHA256=29A4C7379E5A0A7532C90B5ACE0DD99AB5311D03CC0BA6A4BCFB410D7D8B01AE,IMPHASH=4FA75E8720452554D61C8AC5FD64C43Ftruetrue 23542300x8000000000000000171478Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.765{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\TransmogProvider.dllMD5=5E82E2B7CFF045C7CDA8E33EAB186402,SHA256=0038B82E999C3DEF3980D39A8CAED9EA6B52A4FC9EF58BF3B3F5FC91F7748112,IMPHASH=7746C0E3C7D3763C5F13C90D4934087Btruetrue 23542300x8000000000000000171477Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.765{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\SmiProvider.dllMD5=C5C7A9E3121B91E51ECFBA6FB2985044,SHA256=FB519B9EEF4C3344D58C768BD3AD7ADCB0677EA7B998056B6A13620CB9E61412,IMPHASH=03C38376DA7CCE75E82EECACADA0EA03truetrue 23542300x8000000000000000171476Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.765{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\ProvProvider.dllMD5=5077063311C5708318C5FA3E255011ED,SHA256=97FA95102B6ACF00C70F140EE9FA4A73A6BE7C03E0F0D99AE58DB5E492CD0ECA,IMPHASH=D8DD764BFC0F1D9E403714D169018B83truetrue 23542300x8000000000000000171475Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.744{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\OSProvider.dllMD5=4868187A2F176074DB7F35E356F74D4F,SHA256=84C8C4C67C808871A278254304D985533F67D44391840F43674FC829014E1B60,IMPHASH=82A4D833A82D441391A9AA3027199337truetrue 23542300x8000000000000000171474Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.744{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\OfflineSetupProvider.dllMD5=86B7E8438B1125C479FD275B1BDDB9A7,SHA256=47FAF8671B25A30D7BCC47AD35926D70DB633A181FA6C276479B4408A526E63E,IMPHASH=B8B4A188EFC4F12D33591C6D319B6F12truetrue 23542300x8000000000000000171473Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.744{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\MsiProvider.dllMD5=EA19239A85416A488360FA564D312402,SHA256=F21591336CD1A24EE941827620405FA34414C1C349216B4B8083ECD1FFF17C29,IMPHASH=33E1132923056DDEFB0521726DA5B987truetrue 23542300x8000000000000000171472Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.744{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\LogProvider.dllMD5=F7DB4F104DBB56DF5A156E7329E80112,SHA256=7C67EFAF44D1413576B4575B1A4C975BCB10B64BEF13E6756E895D4DB9E61AA2,IMPHASH=FB695172E8A76C56E97CE435F8ED0220truetrue 23542300x8000000000000000171471Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.744{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\IntlProvider.dllMD5=0082903881275179642AE83EFA720310,SHA256=7CCF1625E6FBE4DB16F12AC037E4236A3EF269DEE47A157C68374C867941F9E8,IMPHASH=CFB81BC5FF922F23D605A653700FE666truetrue 23542300x8000000000000000171470Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.744{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\ImagingProvider.dllMD5=EEB4AA36BAD26A2C6216A1FF3439B58C,SHA256=44A6679425039DC870C297294C4B3323F6FA9DE5C7D16D7D0AB7E1254AFC75D3,IMPHASH=0264D9B4BFE54732ADF0E29BC73BF280truetrue 23542300x8000000000000000171469Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.744{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B034EC58467628FDF37D5D8FD9F6F00B,SHA256=F3972323F6452A52D75119CB9E8AA1061D4360A825756D71A6AE90ACAD5DBDE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171468Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.728{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\IBSProvider.dllMD5=11DE34FCDB75E79A920D3B491F3E7BF0,SHA256=6B7C7AD8B1AD522B27B2CC5E4F76F56ADE4495D7D46CE4F997A68954F072AF17,IMPHASH=C755896FA14213058E34639A28868FBCtruetrue 23542300x8000000000000000171467Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.728{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\GenericProvider.dllMD5=397ED660129D40927A27B75A4B8FAE2E,SHA256=EAFCECFE911DABB4531E1331DDF2E119DCBB6B7A887D70BDE737EA76BE10EB74,IMPHASH=F55EE75573C110804DE5E50ACEEC1B06truetrue 23542300x8000000000000000171466Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.728{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\FolderProvider.dllMD5=6428B4D0C26DB23E9478F039891CD5C9,SHA256=55126BB099785C2F9CD32A30991082C47D62C8231D570A9D8A6F3CC599B25EE1,IMPHASH=B2CC5EDD42A866F7CB6CAE42DB969187truetrue 23542300x8000000000000000171465Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.728{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BBCB21D24938C1B1924A1A790D5BCD9,SHA256=4C8699A7AC7E5095E1955C30640EC0CC3B8A0DA269FC887B9C20F50AB3E5AA97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171464Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\FfuProvider.dllMD5=E27BC7F808E72F08372BA3C40B4B6344,SHA256=927B194432046C0D2ADF7C7B71E4BE85602C4D00A5D6EDA9F9DB9924E1C3447A,IMPHASH=8580AF5C1871319D05329DB2E96A8146truetrue 23542300x8000000000000000171463Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\WimProvider.dll.muiMD5=CC3B15540DDB521A300BAFF0BF4F902E,SHA256=33C06CC037DF1EBB72A15BCC2E09BC89DFEF7DD94441C650FD3D0C833122002A,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171462Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\VhdProvider.dll.muiMD5=10536C56F02E68EBD13D0B2CE8665C6A,SHA256=06C3B71D251A8DD47D02EDBFBE84E0B6B1D67956DE4D3996031434CBAD728929,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171461Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\UnattendProvider.dll.muiMD5=B7E3676672BE6851EA13ADD879C2945E,SHA256=2D2D82EE842CD346B58DCAFAE6FEC46D491E0D15CFBE0D8964A4AB7F18C5AAB9,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171460Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\TransmogProvider.dll.muiMD5=D5D596B1102DA565C2ED1FAAC170E758,SHA256=B5DBB36E947FD64AAF22C53F0A9634C7D72D4CC270C055B67E020920BF806909,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171459Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\SmiProvider.dll.muiMD5=CAD746ED5AF63E7FC49ED4A5A3984629,SHA256=016C6071B04E6D7E12AD9B8A85C002320331E01ED62922C573A1AC43BA0DD919,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171458Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\ProvProvider.dll.muiMD5=70AFEC86B6CF677BF8D3C713CA3281FB,SHA256=C8579EC95A51EB663FFC6145F0998C2F1930A6B8146C84C0A9094BCA4E5195A7,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171457Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\OSProvider.dll.muiMD5=A464DFEDEA8520616AA9B2ACD166A77F,SHA256=54E985CFF256CEBE82E9EF3E814A5FDA9FF730BCB50265E9BA78DE65A4DE3F42,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171456Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\OfflineSetupProvider.dll.muiMD5=CED788DBD9D13D0490B2F642B0B051F6,SHA256=D5DBC0A52B598800EE14569859383525950B865F4816E47E2E73F79AA1C32A09,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171455Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\MsiProvider.dll.muiMD5=5AE9ABD6BB469F3AD7B3A4CCD40974BF,SHA256=C2CE66F2F218890AA76F8BAB68B4C0FDCED0688E694F912F3A5BFABFA6CDB5E7,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171454Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\LogProvider.dll.muiMD5=0D4519BC8EB58A006E4A5EB993C0DCCF,SHA256=DAFFE67521F9B4657FBFEF9585234CB39293F9B866C0D97D66F675037515BB51,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171453Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\IntlProvider.dll.muiMD5=16ACB74928BC55FD4AAC316F3B92E1D7,SHA256=17CB486CADB679C75A27BA6C76E2FE714F4B8DA845E6F795759517D6734F0BC9,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171452Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\ImagingProvider.dll.muiMD5=26F5BBF8D6EE90B4F47C18E93D1087FB,SHA256=F41738FEF7140176447ECF371B1117A485E48BA6F3E9AFAA8C4F883ABFAE62DA,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171451Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\IBSProvider.dll.muiMD5=0B09FE334215A8E736B2CF08A50D5204,SHA256=DCE9AD3B79F91BEBEDDFCD9E03F1557CB7C6114AC906081E9E046F807093CDF1,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171450Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\GenericProvider.dll.muiMD5=956B8B45B92321C0D5975EE9A6C5B773,SHA256=578541D71466CF61EF399023B34EDFCBD915142BE856534AD4D17D25E7CC9F3D,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171449Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\FolderProvider.dll.muiMD5=DC4E4C2800DC6D98F7893044A21D246B,SHA256=8B4CE62F4E4294E701193C7AE393EB5EB29AA45932D376CB1A03728A140096AE,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171448Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\FfuProvider.dll.muiMD5=5ECAD70AC2B3A95CBB42D6FE67D2F726,SHA256=C210389DBB9B7B4A802E4B0C3C708B6F55B086564A01E19CFB183B6AF916C30A,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171447Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\DmiProvider.dll.muiMD5=38C2A1560C340537C3AE0CE04BDF7EAA,SHA256=52B06DFD85FB5AB1DCE2BE665CA144B1AE6658F518D1623D9B44C347C482B064,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171446Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\DismProv.dll.muiMD5=BD7B77B3EE9A12FF3F5446ECDF80B5C6,SHA256=B972A0B2C4682E9074441B481BD886DE19B8DB3DBA401B88E980B154C14D5A7E,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171445Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\DismCore.dll.muiMD5=C901FF639EDFBBE710D6E5882F07CD24,SHA256=9BDA61D23DC50F9AFA82DA94B06B7B9C8229D5ED666D2F5270DAE13100815C27,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171444Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\CompatProvider.dll.muiMD5=A2A344CB32B6835744A36D877C952665,SHA256=A74D765B796638A921C4810D1712A08F7A37C9BA9E91F4DFDCB9727611C3D18D,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171443Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\CbsProvider.dll.muiMD5=179B34BE97A383AF3E757031E7DA964B,SHA256=ABD3824664D1336EE849D89BA178606CC1B1E23E173752D8093F34A5580FA8F4,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171442Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\AssocProvider.dll.muiMD5=386FE7AC95738A0CB6D25DEA662991F1,SHA256=22DC7317108A528BA92C853330598F628B93FFF27CAC34C2F501B806A75261D9,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171441Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.681{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\AppxProvider.dll.muiMD5=9FF5081115C2C21D9F85AF7EE6D2CC63,SHA256=107B10A8C1426F1C0D703F06832D740A4CFDCAA596FA0EA147A32A736A7A2A4D,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171440Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.681{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DmiProvider.dllMD5=FC76385FF00D4A93618D842B41716D8D,SHA256=BBD49A49CFFA8411FFA91B02541F5F3B5333FD9055BC129DDD3B36EB005C34D9,IMPHASH=062B279D8ED4374A0CD0C84620F4BE4Etruetrue 23542300x8000000000000000171439Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.681{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismProv.dllMD5=8C7D97E22045AE402EA896F514CEED81,SHA256=76D3202E11BA22D277532A14CAE60E596975C0D8C34C7BE154F453EB1F7C37EF,IMPHASH=0247CB1C8FD55E43A448E359883057DBtruetrue 23542300x8000000000000000171438Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.681{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismHost.exeMD5=A59C22B77871CC18970038B7FA43826F,SHA256=CB84B51713BAD689ABB96560E57A71B276D4B28B1C09C7116EE85F5782A1B144,IMPHASH=734010D3430DBD2CA51B599924FE1424truetrue 23542300x8000000000000000171437Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.681{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismCorePS.dllMD5=FB88731B484D1FF4AFF5DB75A20799FA,SHA256=EA155388211E0C3CEF2C99BD5F341C9F93F1ECDA6F21096DB6F9DB2110686A52,IMPHASH=65E10DCEA11F7117C161DC7557B87689truetrue 23542300x8000000000000000171436Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.681{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismCore.dllMD5=F1AB58CACD95921A04225222D03CDEA0,SHA256=EDE89F377FD46F95639413411CDA072D9FF63E72A399B26AB4870094F145091B,IMPHASH=B7B56C790C8AB7134B0680D8DFE46658truetrue 23542300x8000000000000000171435Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.666{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\CompatProvider.dllMD5=E5C1D020198EBEC1D5ABA640C9A600D0,SHA256=A80FD2846E05AB491BDAAFCE8854A04549A852066B82B90D757D9B6A44ADA8C8,IMPHASH=2CDD615C09EED7B572606B2A0C0EFD2Ftruetrue 23542300x8000000000000000171434Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.666{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\CbsProvider.dllMD5=D4A64C7C50D0C6BE9F8770177E2264BF,SHA256=E6505F9DBE17DF9E7E52B5FE1720E1F6482B25D262A47A320CF438C5FD5A5797,IMPHASH=99D5DC4FF67AB12670853DD4E32E8358truetrue 23542300x8000000000000000171433Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.666{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\AssocProvider.dllMD5=56CB83B3454882509791FBA62832BC87,SHA256=5B01524CC03B6EB58CC9E0FF479014EAF89EE7FDE2791BFF871BC90274D200AC,IMPHASH=83F73507B4613B09C6FA825535D8A81Etruetrue 23542300x8000000000000000171432Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.666{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\AppxProvider.dllMD5=8F6792DF9EC54934B76A68B1D7B66ECA,SHA256=E57CB2D5CEC5E1354F4E31CD08ADA02FCAA0E2DEA4B28C8F61683BFA3E875C05,IMPHASH=F1558CACACA712554EBD5926B4B3FE52truetrue 23542300x8000000000000000171431Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.664{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-winsvc-l1-1-0.dllMD5=09934F0F7227B9489D117C26EC20CD14,SHA256=CBE408A0AFF90986A6A7DDF022F96302B4FADD08A0C3C166CAC7A64D6ABF041D,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171430Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-private-l1-1-1.dllMD5=484ED248F1A72C6E4E6F6C3F5A3339ED,SHA256=00E14515FE6FEBBF3C2CFC89A6F1A3D6F48B3E7A5EB08D50DADF69CE3F34CC47,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171429Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-private-l1-1-0.dllMD5=FEBE55EA884F3C1EE45ADE2734AA6BE6,SHA256=CD51DF334A600117133C9C8100DDE766D980456988FD333A40BE5A81C8092340,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171428Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-management-l2-1-0.dllMD5=0D45D811001E0A7683A2B7CA8A883874,SHA256=F44E2A85D7507159AE115C85C3497C57BE4ECB2D6ADDB30A534110266D56F92F,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171427Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-management-l1-1-0.dllMD5=C36912B3A28B06F5BB24FE9BE49DA4D3,SHA256=D737A832C0D595E8E52846C2D748B911D7155E372F43FBB10513CFDE0BBF83B7,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171426Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-core-l1-1-1.dllMD5=A86D518BCF3970C17A1768792FDF37FF,SHA256=AB5CC1B14D6BB708B5C87C2622DA886E2119A6997E08108CCE36080385DAEE71,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171425Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-core-l1-1-0.dllMD5=A329C75641638E2FFA11087F614FD4C1,SHA256=5071AA303D436407D195EF37889F018BE7E350DA5E690793587458D4C6D308DB,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171424Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-security-sddl-l1-1-0.dllMD5=C6C6C3E4D7CFA93246362901750A94D9,SHA256=6E274ABE823EF8B30629A99D9F942794C9FE6D003021A0C5085B49A7D8611DDE,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171423Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-security-provider-L1-1-0.dllMD5=207B5716605CA4850629F3E2FFFA07BB,SHA256=BE6E6284F69C76BE6366EA8D44D85BDBAB6A71DD42E8B5575CFDF671AD58DCA2,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171422Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-security-lsapolicy-l1-1-0.dllMD5=FE7AD7265E296947172B8C491E8109D2,SHA256=4D231AC65F0F54BFF45CACFFE7DF3109CF87F78D14960EC8F03654E605AC8ABF,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171421Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Security-Lsalookup-L2-1-1.dllMD5=EBD6475839F5C99FB8855A80E0FC2AF1,SHA256=F519C7AA6930DAC83A3045CEEE42F64F26FFC54254D5ABD1B0F7D99C47569A30,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171420Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Security-Lsalookup-L2-1-0.dllMD5=AC284A6251F5D26633AF48D918D09628,SHA256=F7A34B793AACF75DA4EAE843B6088C0BAAA8B835EA5F6A65E72EBD9A1479C8A8,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171419Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-security-cryptoapi-l1-1-0.dllMD5=DE0A49D4B2E9A5FA6762BD191C622B32,SHA256=AB12FEAF15CB313812B01AFE1198B62E72F7702D140830ABAD2CFB6251E82A7C,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171418Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-security-base-l1-1-0.dllMD5=DC4B661366FEAA4ED54FB1004D9E7A3D,SHA256=B4018F8F249CE087DB46F61A0C2E947248A5B71576F511F0B3650433607BC663,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171417Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-EventLog-Legacy-L1-1-0.dllMD5=B8B7B02C3C66638EC0BDF49BCF04A680,SHA256=5D1103E89199731DFFF7BF89D7F6484C038D47CC04F730CD5233EDE488272E6A,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171416Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Eventing-Provider-L1-1-0.dllMD5=FEAA05CE6CCB92AA7B2A2C58C049891A,SHA256=31A4AE262E179DF4CA406E1AF90F651935657BB5FD990C675C67E37D5B834CFE,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171415Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Eventing-Legacy-L1-1-0.dllMD5=88450242D5350529CC8E46FD9C3F3B7B,SHA256=312B6BFC89B551F2C4E8FEDAB316DBE01F190CD5E67091AAFB0E6F67616DC745,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171414Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Eventing-Controller-L1-1-0.dllMD5=00A27A81EAAE90C9CED7063013877357,SHA256=DC4EE086FC046E1D7A291EA3B8B13E77B7A252B5C283B8F6C9CEC729070B7822,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171413Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-eventing-consumer-l1-1-0.dllMD5=61958A4BE8F944BAFB29DF8009541FCD,SHA256=3B7CB5622BEAC7D633A84EE2F7336C8DE1D3D1AA10577D98020081AB67761FAD,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171412Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dllMD5=8500E093D6B36DF1AF271F6EB34227CA,SHA256=99E2CD36104D3EFD4DEC88AD0F4BED1FD1BBFA97CC4FB29DB7F7136290DD6B70,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171411Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-devices-config-L1-1-1.dllMD5=5A03B636125C21AB918D2CB04843DBA8,SHA256=C914CD6FE6C7B16533763BC789EDAF67D7A19C26514C927572051C4379C79FC0,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171410Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-devices-config-L1-1-0.dllMD5=0C61A8D9CF9BBF6D771BEF0FF4A43E23,SHA256=66807B95E13944D52E9A7AA1F1A41E632FAA46F6B48F98451618DB3845622577,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171409Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-xstate-l2-1-0.dllMD5=56A386E38B637FCD96CED04CEFBCF8DE,SHA256=A5BE1E3C71A3A5C8EEF4BFAD9D0BADC97BA47B2B9911CED4BD1B8F65BB8DCB77,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171408Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-xstate-l1-1-0.dllMD5=6A982D13DDB295E59F90FF23EDD2E60F,SHA256=3617DBCADFE370463B4DBB91C1C6222923F16EC362DE29C2CA3AE4E72C9ABB64,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171407Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-wow64-l1-1-0.dllMD5=AE7573E1DC370B9A8FEBCC17A6C82FF8,SHA256=59A473D1AD7C181C89AF00B966CD107F1846CDC526009C4807A1EAE3DCB3731D,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171406Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-version-l1-1-0.dllMD5=5CB34501C2D784D31281FD526B0BB963,SHA256=E45B73AF0C35F05B01CADF6BD4F67C1497586F4C4F9A16F0448BA751E16C4596,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171405Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-util-l1-1-0.dllMD5=212DA9E9AD6BB61A3554A4174BA558CF,SHA256=01291D3895EC5BB0E658F91FE1512AADCBB6D8F1154BC6023076554AFA05AC1D,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171404Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-url-l1-1-0.dllMD5=198A08F8150D7575CC207CFFCF67D66C,SHA256=86F6DA0F1D075B7E1678DF71689948FEC334CFB10316FEB40E5107135548F9B4,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171403Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-timezone-l1-1-0.dllMD5=4D7C132D9742FFA44248B1BBF32020FB,SHA256=58A65C1938DCDF64D2930B037E9D133A5ACDF46365835782869D3216D3CF2CED,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171402Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-threadpool-private-l1-1-0.dllMD5=A9BC53B62CD4B269B8385ADBE0AE808D,SHA256=A30003AB0C020E433CC5296E7E150BB11820395D439062FF7FD6D7F449C4C5B3,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171401Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-threadpool-legacy-l1-1-0.dllMD5=CAC86F4298EB2D239410B3338780DC34,SHA256=1D99842180A612D63F1A8B137A9BF0375B7113AAB325916BA4781AB8A7B68E7D,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171400Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-threadpool-l1-2-0.dllMD5=D32DDF80AB3F1F96F431E5672DC1F387,SHA256=E2F0F0D46082ED40D042BCCD47F4E917707CF884672C5919116126914FAD4572,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171399Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-sysinfo-l1-2-1.dllMD5=E83097DFE144367FA2231828F9FD89A6,SHA256=69FA978126192DBAB6AF11C9878D9C2BD1FD7E3FC899300244DFA4A1AC7ACA31,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171398Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-sysinfo-l1-2-0.dllMD5=8D842EBFFA7803451A3AC7D6907A6AD9,SHA256=808C22A733B5F6A4E601605DCF4043C9952CEBE825FF2622097FC5B4FACF682A,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171397Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-sysinfo-l1-1-0.dllMD5=376E34D4A8F94C94FFF063810717612D,SHA256=5285A11016967E2017A8187882579CBD722371D0B7497B356149FC447160A521,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171396Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-synch-l1-2-0.dllMD5=E19F4FA6A6313F00ADE8AF26649A0BA1,SHA256=386F6CC0C3CE0C904A44A2FDDD11B2E5EA7782B08E69FD961DA5BE3C32BA5C26,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171395Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-synch-l1-1-0.dllMD5=95088E453B41A8B50E7340E6DE9CD09C,SHA256=E4938C16CA5FC7A8C9D87E4201FA2F28992026F5858F36A2A44EA22B5BD0889F,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171394Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-stringloader-l1-1-1.dllMD5=FE1D00B19175DE6E9729F709C508DD6B,SHA256=D726F32AEB323F4DEA55D35441D1FF06BF3E212846A6B86D9ADC8F9DD1307B57,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171393Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-stringansi-l1-1-0.dllMD5=43F8D61E2EE0E253B973EFED0B3EBC8D,SHA256=1B9FA225A474D42FF8360141C8BC1EE1E7310958910931AC8E5A213E957700BD,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171392Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-string-obsolete-l1-1-0.dllMD5=92C0A4E592B5D773C562A36CBA4E6E47,SHA256=5191E82E921398310FE9FD333F5CA44E6233358499EDD5B33BF8E9F0C9D3B88E,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171391Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-string-l2-1-0.dllMD5=3E1902AF98905F00E62B1EC827EB0FC2,SHA256=503443DBF6E6E481EA1C661109CE17B3D55C4FEA001D77F11CD032BDDF64FD29,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171390Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-string-l1-1-0.dllMD5=D30D4587D051D288D1023DB0D826295A,SHA256=DFE66C8C205C95274565BADB7B3C19043917F6CD07A8DE34CE241EFFF9EA6676,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171389Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-shutdown-l1-1-0.dllMD5=1D8D1283F8279BDDACF8745AEDA3DB2A,SHA256=21BF3432160DD9851CAAC716DF3A41E39428A84BA9B9D3C63CDD300CB6928300,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171388Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-shlwapi-obsolete-l1-1-0.dllMD5=33BEFB60C3DC3E93FCE54A0515100181,SHA256=24B3FA4C5E8AB463BD2CFB704D7BFA7E8429726852EF582F94E44D7691BDD1FB,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171387Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-shlwapi-legacy-l1-1-0.dllMD5=699CDC66AA090D13EFF451F2006944CF,SHA256=6212B2B8CF5533F9DB6E366BBADED7A8D6EAD6667EA6A425B6987102669D8D96,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171386Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-rtlsupport-l1-1-0.dllMD5=F9672F68330CD16B0D1FA3A75B123AE8,SHA256=C5938839A3DFFBFBFEF432D0A95D0773375B4758FC160EDD04383A4B4273A18B,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171385Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-registry-l2-1-0.dllMD5=BBC015F33C0C3C2F9FC58C466BF8A30A,SHA256=1ED3511DC98353CA8E9B22A40C318BBD24484C25C171886B06B22AFD396ACFE8,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171384Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-registry-l1-1-0.dllMD5=D132FADCBF190A1C68070E6D488E67D7,SHA256=E6F51C07641EF931C4F97E5D966242BB96A156A603A7769BEAE0EA61E9E25486,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171383Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-realtime-l1-1-0.dllMD5=792C54B79CA333ABBB51BE66815A98CF,SHA256=1E3B3505560AB3E641C386473A83AA194D94CD5BC6CC4FA718D003D1FF899601,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171382Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-profile-l1-1-0.dllMD5=C4E53285E8C51DCBEFF5098215759D69,SHA256=320A6138FE915BE7E83F4CDC2024531948185C3BFC939CB367A53F1AA74BFB2C,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171381Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processtopology-obsolete-l1-1-0.dllMD5=99E3ACC47F10000AE67A577F5893FD5A,SHA256=AD01524D3FDDC25C91292808E7B333B587C902E996E557885E79CC10F9A66214,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171380Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processthreads-l1-1-2.dllMD5=DABFBC1EAB7AEE555F3BAEAF981EC7EB,SHA256=3070505B0B060D9EE9C2B699A518481A22DC15ECAF9603089FCF9EBC022179C3,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171379Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processthreads-l1-1-1.dllMD5=8C5DF20B2E2DE6BA6717A597A951E4F7,SHA256=BE42C78E3F21CD6E74811F27E1B76C4FE8537FB149EF34EA455F22AAA29720ED,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171378Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processthreads-l1-1-0.dllMD5=3D0CD1FE610E55E8C151162004A1429F,SHA256=D43535460D9CF2F2D348E9F2027DAF9FC0C0C906D5066E15F86332C839C94651,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171377Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processenvironment-l1-2-0.dllMD5=BB20192D0B22AD2EBBF4960B66D2E164,SHA256=23E758C4F7646AACC2DE8B8930BB272115F726F27E5437DF606E1C2328FA48F4,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171376Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processenvironment-l1-1-0.dllMD5=2CF62C9CF255C15AD1C8B1CCDD9453D6,SHA256=35CDE2048D4EC8D5D02B1CA57B81B8D5F579541EDBAF5DA4485A6323B8C3A805,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171375Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-privateprofile-l1-1-1.dllMD5=FA8EFF9B35BE58F70CD0014DAF108819,SHA256=835F086B0884E8E1689D661657F258FA1E71439672E9F0CC0140D614DAB6FA6F,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171374Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-privateprofile-l1-1-0.dllMD5=C8490BC5ACB353CAF140CB12670883A2,SHA256=85F3FE5E802843596F466D479111658B08271E48CC1821EB17E6D299D523C95E,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171373Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-namedpipe-l1-1-0.dllMD5=D8F1E545D80C2045881C7F0525558D80,SHA256=0D9C3D6A6DF364F812D370258C1B3D3F97584E9F7D36569D06746EBA1695D368,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171372Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-memory-l1-1-2.dllMD5=9F77AA276A31F36805DF003F9E66BD99,SHA256=26425008D97A2EA8B95AF52BFE47CF5DE1DE9BB3E25DF77123B85C895192D7D6,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171371Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-memory-l1-1-1.dllMD5=728A5655624D5B091E8E216BE90D9EF9,SHA256=A2B17F63065CC760FA9CF5D2950D0E13613997546C90CFA1C094CF32171D49ED,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171370Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-memory-l1-1-0.dllMD5=BA6B6729DC95AA60AF31A160E2CB4533,SHA256=AA433713D5D1DB4413E9F5D938C0C452BAE8EB1BF8CD011803464BBD893BBB08,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171369Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-localization-obsolete-l1-2-0.dllMD5=B5727AD79BEBAAB6E6AFA381A28A8E9C,SHA256=C0E101B6BCDDC28A9BA24C7796BBDAAEFC14459E402FD53053F3C23E0D84D040,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171368Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-localization-l1-2-1.dllMD5=FD9B6F1EA88B7167E6EC227A61B90888,SHA256=2FEF21096468EE5C6BFC88971AFDB4CC07F6C4669375561863B85023C15684AF,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171367Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-localization-l1-2-0.dllMD5=C8420A86D981BB6AA0D32001D234639E,SHA256=2E93EA8BB070C07C39B7F042B7D9843C4B74B3D4E69C8E33D89B0574B2D1D43D,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171366Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-libraryloader-l1-1-1.dllMD5=787DCDC02E39A27A63B857FF6E819593,SHA256=91A7DEC7B636C00032D122CA04D4B8653B13E1211C54A4184F3955D2398C2E2E,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171365Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-libraryloader-l1-1-0.dllMD5=AC90FCC4E819CD2EEED5D09A1FA42BAC,SHA256=2DA68FCBCE619BE5A90501F971467B7A894C6A705659346729E1E4E306EEB7D7,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171364Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Core-Kernel32-Private-L1-1-1.dllMD5=E269D033D63A117DA8F3F855B90CCBFD,SHA256=41437C84BF757CC5758BF381600D0DECB00E8F8F56F11765203B7880AC4CDDD0,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171363Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Core-Kernel32-Private-L1-1-0.dllMD5=58B0B7C61F098BD1E73E9C156CB38C64,SHA256=C366B92E7048081C7B336CEAB970BAA20AFDAEE2456820AA38360D1429C27669,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171362Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-kernel32-legacy-l1-1-1.dllMD5=912D93DCBE67A1373D93BACD0174E3ED,SHA256=0B94CB7472E0777AEFC1B3208ADDE41B893B78B3223F515FB86348D3362624C3,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171361Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-kernel32-legacy-l1-1-0.dllMD5=8E788763C9CDB6E5D1A313C08F7D621E,SHA256=5604FCC803BE14AD10C7A2372FB19BC80D43AD850109A670676982A4EC961473,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171360Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-io-l1-1-1.dllMD5=DC7E345A08B64DDD90906151E1D566E9,SHA256=ABDC082DAA40FCAF14E4E554DF23CFC48533F5A2157BD540BFEC49EB8E31E403,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171359Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-io-l1-1-0.dllMD5=A4381D04E233B96B657262DE9B31594C,SHA256=17BE2709D85E6B922BDF5D357FB4CD9416234F8E6685226F5EC776E8B3B5A678,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171358Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-interlocked-l1-1-0.dllMD5=39646EB20F4366691E3EFF958C99D1D4,SHA256=262D2C2EBAFFA4276F54B05A5A1DA125CC9DCCAF76EAAD3AAF7B23D54EC33C8E,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171357Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dllMD5=0C5DE8F3B6CC9B44ED0A0556A02F4867,SHA256=D08261783A1749B08F7423923B00FD77E3B44265889B1F550A64239586BC8FC7,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171356Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-heap-l1-1-0.dllMD5=51EBE577149EABD170684C2668F967ED,SHA256=0091D6C33047D8EF6E0F09E049DF2CABA5EE6B4F5B1870E0A369D3BF6DB72330,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171355Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-handle-l1-1-0.dllMD5=F83CB23123F3E4885547ED29F2BD2360,SHA256=495A9EC7C50D6D72F209E1F69C9B0C292D8D32FBE79FE675128786F8E351B988,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171354Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-file-l2-1-1.dllMD5=8B79E85DB9AA6D00794E5151455951BB,SHA256=EE600140599138132439FA9FB9FA6B028A9BF2A206A856CCB1106EFF45459C13,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171353Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-file-l2-1-0.dllMD5=455C1AB890C154076E0E23A42F10B6F5,SHA256=DB95D8AA71A8E0A54852C1A83E42267C72E26F2A111AD41146096BF26825FF62,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171352Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-file-l1-2-1.dllMD5=A9808572063E5A5649EA59F8B40FC7A8,SHA256=D4FD5081924D4B544188A687BD37127E0A38AF310E77C55F6EC22896B95B3C9C,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171351Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-file-l1-2-0.dllMD5=4438E1D7952A77B7F71FF45EF821814F,SHA256=1C4FA5120E310E49C8112ACB6E594DB2F581AE4B6BA6241EEA4301E0E373959F,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171350Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-file-l1-1-0.dllMD5=FF5C179E19923B65E650B11283250D50,SHA256=CF84455BC2AADF2960F0AE4D3691BF3032F412578CB2730A27848C6B26D00225,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171349Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-fibers-l1-1-1.dllMD5=A263189D905386A2A91CD2EB39D3365D,SHA256=7392027920D102DBE4C2C15590CC471063D6B1456CAA797BB71F8973C60B47FC,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171348Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-fibers-l1-1-0.dllMD5=A1827E232474C845B7A495D1A4CA6169,SHA256=A95088251923F1233CA4F5675457D6D6B2A1601734D4B5451420298491864746,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171347Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-errorhandling-l1-1-1.dllMD5=E98BCC3FA25D6DB36D50786EF08DBADD,SHA256=7BDA00F42BE64BCC1022EC3000FE2582CDF4CC89083D868ACA9DCE982C98C52C,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171346Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-errorhandling-l1-1-0.dllMD5=14E8A42D84E459F617344438903680EE,SHA256=1FCB6E1908C13B5184373E83B3C13FCF96B55E4FBBC8AAF4D6E9DA604DB75848,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171345Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.566{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-delayload-l1-1-0.dllMD5=762D2E52FAFE433C50648FC23D7C3E76,SHA256=53238588E10FFAABA96C751D34181BA04A869A0474757E79D9FE82ABC3DC7CFE,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171344Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.566{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-debug-l1-1-1.dllMD5=1652E7B742F30832826B48E62485BFC7,SHA256=0362AFCDFB6CA89CDEE0DACEC94A5E45D6910B5337343149007DE2443050D154,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171343Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.566{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-debug-l1-1-0.dllMD5=E02F6786930435C736D71E9B6B898773,SHA256=4C0F43EAC3834878F16175B17427C0195A3213B7CDF9702447667D703AA29B54,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171342Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.566{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-datetime-l1-1-1.dllMD5=78876D83AA27E510EC3DC3355D034B92,SHA256=44A696C4626AF85EA565D651D7FAF5E21B6EB0C6EE47EE93419D8A7BAD565278,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171341Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.566{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-datetime-l1-1-0.dllMD5=CF9560A4450AC70C51866581802AE8CC,SHA256=A7A23DC37F028D38D2836CE881FCFF1FD066538588B207BBBCC3B1AB96E3AB62,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171340Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.566{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-console-l1-1-0.dllMD5=893E267BD0B91FADAC2A2BAE70FD0400,SHA256=17D17AC0383117E9A14D7687ECAA3B27AF1C71B89687A5C3E5B8761B2E64EDFC,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171339Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.566{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-comm-l1-1-0.dllMD5=C7EC73197892D7F63059C10D19BD5D90,SHA256=768E17ED08111FD22BAAC8FAC00C7DD87F0E57FEFCDAC58CE04B868528B2FDFC,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171338Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.566{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-com-l1-1-0.dllMD5=08A5A3129DCB52F3C4E51EE3C4A827E7,SHA256=3C6549832275052BCC2234CC4433D95407800ED65359F5147C4762EE0C71F712,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171337Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.566{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-base-util-l1-1-0.dllMD5=29CD6DDC6BADE9098B9A4402C6336D62,SHA256=B97C475AA8241C9B674E8C51C387AFAAA7977B036D9E2F7FAFB6CACC11D985BE,IMPHASH=00000000000000000000000000000000truetrue 534500x8000000000000000171336Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.565{D8DCB3A2-A29D-60D0-8A10-00000000D001}4184C:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismHost.exe 10341000x8000000000000000171335Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.163{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171334Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.163{D8DCB3A2-A29D-60D0-8C10-00000000D001}34801992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x8000000000000000171333Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.163{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d8e0d7|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df 10341000x8000000000000000171332Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.163{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 10341000x8000000000000000171331Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.152{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171330Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.152{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000171486Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:11.697{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61C9A40E04847144C0966BA0CEEEC760,SHA256=94ADC4E6EDF5CF629BCC22D8B05DB57B6F33900C081F2F075A89A521A849BCB8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000171485Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:09.126{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50803-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000171484Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:11.163{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=9790551047680A6DF25639F90A010A81,SHA256=D8BF652F792FEDC8B287207E66CE043FF65A260A6A720D5590723CFAF514344C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171483Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:11.163{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=D6FA66B2470FD922682BD251DA288402,SHA256=F769E3AFF80AA8E418490822BE2603ABD02500CA4F087810CE26E59A640631B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171490Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:12.742{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9076215283FFA356DCEC41C70ACDC1BE,SHA256=1C395491D536A7E00E9F6302D34A436348F1FFEA2E121BA4239288532923B8BF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171489Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:12.711{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171488Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:12.695{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171487Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:12.695{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000171493Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:13.826{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E1FE9ACEC5FC7D9A30F3D9DC0FD3DA6,SHA256=143D64A44CE4091E3C7050D521FE682E9603517DECA6420E576D4389CC8D5DD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171492Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:13.742{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=F1014EE0E46D649ECBBBEDAAEF72C130,SHA256=82EDABB4EECCFCA77C39A674B6FE078011DB956A688FFC58A92FA95776AFCAD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171491Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:13.211{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=9FC0E691F7AB817E9F16FB56F6578469,SHA256=A7EBF8D7225B7AD510273219CCEAC58E74C7AFACA244A3EC4C991A0177036240,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171496Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:14.845{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6004E23727B6C78E0EAD391E647943B,SHA256=6CE6A0E5F15202D224711D41A3597D0A29646262D0AAD93E0BB173B7DA507A4E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171495Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:14.341{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 10341000x8000000000000000171494Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:14.341{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 23542300x8000000000000000171505Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.862{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30996220B282DC39BAE5D4C02942BF0C,SHA256=2BD2E79A99CF6666E723513F1F4F683037381A340111F4762FF9177EA763A2DB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171504Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.760{D8DCB3A2-A29D-60D0-8E10-00000000D001}43884456C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171503Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.641{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65 10341000x8000000000000000171502Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.641{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d 10341000x8000000000000000171501Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.641{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 10341000x8000000000000000171500Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.641{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 10341000x8000000000000000171499Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.241{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171498Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.226{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171497Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.226{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000171509Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:16.893{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B48E22633461BD96EC82919AD4CF2489,SHA256=CA7E426556634E3E85DC897FA0AAF30B782D6F3C7F57A09E3DEB3A4D4A11EA2D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000171508Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.049{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50804-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000171507Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:16.259{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=0E9C1ADB40FDAEBAF27B24CB68879E97,SHA256=F0CB80EA23132EDD321176421E8DA9AE219D6C88A61E6B53DED40144D3910718,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171506Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:16.141{D8DCB3A2-A29D-60D0-8E10-00000000D001}43884456C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000171514Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:17.923{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F377195BA50CA00B561299894F3C00A5,SHA256=FFA2A35EB39F37D258D762358C012838CA388F09E04E0CA8260A087224990307,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171513Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:17.761{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171512Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:17.757{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171511Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:17.757{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 22542200x8000000000000000171510Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.594{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388google.com10054-C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000171516Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:18.971{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A869AF71A83B67AE338B559F1378C06,SHA256=2058CEA703182C4DF5FA2709F1BF28B21FA868B06233308D7F3807B7CB47214E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171515Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:18.792{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=A5B68503D04D13B41970EBB30D3E282F,SHA256=08828DC2AD6004780684233C6958E8E68A1CCDC5292F658A0A26206C72A9C502,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171591Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.560{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171590Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.560{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2B7-60D0-9E10-00000000D001}6928C:\Program Files\Mozilla Firefox\pingsender.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171589Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.560{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2B7-60D0-9E10-00000000D001}6928C:\Program Files\Mozilla Firefox\pingsender.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171588Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.560{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000171587Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.538{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=0740E3DB4A1F45B6F84885CAEC4A343C,SHA256=86ADDBDBC7D41EF76682C4F2B5FAAF2DEB5863E8279CB92A5569FD454CE8040C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171586Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.538{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2B7-60D0-9C10-00000000D001}6860C:\Program Files\Mozilla Firefox\pingsender.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171585Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.538{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2B7-60D0-9C10-00000000D001}6860C:\Program Files\Mozilla Firefox\pingsender.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171584Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.522{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000171583Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.522{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B67B8C0BE90154F9FD1F38C4F30C2C1,SHA256=BA49553401F26468B7C6BC6CED04DEAE75FC89230722A0BEF61620B387117443,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171582Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.522{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A2B7-60D0-9F10-00000000D001}6940C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171581Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.522{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2B7-60D0-9F10-00000000D001}6940C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171580Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.507{D8DCB3A2-A2B7-60D0-9F10-00000000D001}69406976C:\Windows\system32\conhost.exe{D8DCB3A2-A2B7-60D0-9E10-00000000D001}6928C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171579Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.507{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2B7-60D0-9A10-00000000D001}6832C:\Program Files\Mozilla Firefox\pingsender.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171578Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.507{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2B7-60D0-9A10-00000000D001}6832C:\Program Files\Mozilla Firefox\pingsender.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171577Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.491{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A2B7-60D0-9F10-00000000D001}6940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x8000000000000000171576Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.491{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\aborted-session-pingMD5=646A678C23E4839CA2767F10C473BB57,SHA256=DEE755AB4AA73216DBF68CB7D68F8B10069212474AAC222B7B838FEAF085ED7E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171575Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.491{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A2B7-60D0-9D10-00000000D001}6876C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171574Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.476{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2B7-60D0-9D10-00000000D001}6876C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171573Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.476{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171572Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.476{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171571Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.476{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171570Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.476{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171569Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.476{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A2B7-60D0-9E10-00000000D001}6928C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171568Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.476{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2B7-60D0-9E10-00000000D001}6928C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+dacfbf|C:\Program Files\Mozilla Firefox\xul.dll+dacdd5|C:\Program Files\Mozilla Firefox\xul.dll+dace21|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+3be061b|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3cc9fa|C:\Program Files\Mozilla Firefox\xul.dll+1b88c0e|C:\Program Files\Mozilla Firefox\xul.dll+d2773b|C:\Program Files\Mozilla Firefox\xul.dll+3ca586|C:\Program Files\Mozilla Firefox\xul.dll+4046a|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3 154100x8000000000000000171567Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.485{D8DCB3A2-A2B7-60D0-9E10-00000000D001}6928C:\Program Files\Mozilla Firefox\pingsender.exe89.0.1-FirefoxMozilla Foundationpingsender.exe"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/0038ff1c-88bb-4a08-8117-9aa50bb1935f/main/Firefox/89.0.1/release/20210614221319?v=4 C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\saved-telemetry-pings\0038ff1c-88bb-4a08-8117-9aa50bb1935fC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=33D6759C45A7DB0673D0D5E5F75012AC,SHA256=0815D2E94B8F61F13B73CA541F837267DF29DE4D5BC3E882A751155D4057F1E9,IMPHASH=AF27FA7223A9B6FE80447A0E6715E632{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000171566Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.476{D8DCB3A2-A2B7-60D0-9D10-00000000D001}68766908C:\Windows\system32\conhost.exe{D8DCB3A2-A2B7-60D0-9C10-00000000D001}6860C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171565Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A2B7-60D0-9B10-00000000D001}6844C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171564Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2B7-60D0-9B10-00000000D001}6844C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171563Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A2B7-60D0-9D10-00000000D001}6876C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171562Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-A2B7-60D0-9B10-00000000D001}68446884C:\Windows\system32\conhost.exe{D8DCB3A2-A2B7-60D0-9A10-00000000D001}6832C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171561Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171560Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171559Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171558Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171557Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A2B7-60D0-9C10-00000000D001}6860C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171556Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2B7-60D0-9C10-00000000D001}6860C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+dacfbf|C:\Program Files\Mozilla Firefox\xul.dll+dacdd5|C:\Program Files\Mozilla Firefox\xul.dll+dace21|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+3be061b|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3cc9fa|C:\Program Files\Mozilla Firefox\xul.dll+1b88c0e|C:\Program Files\Mozilla Firefox\xul.dll+d2773b|C:\Program Files\Mozilla Firefox\xul.dll+3ca586|C:\Program Files\Mozilla Firefox\xul.dll+4046a|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3 154100x8000000000000000171555Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.462{D8DCB3A2-A2B7-60D0-9C10-00000000D001}6860C:\Program Files\Mozilla Firefox\pingsender.exe89.0.1-FirefoxMozilla Foundationpingsender.exe"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/e502362f-0590-4231-ba48-6a2f9c68183b/health/Firefox/89.0.1/release/20210614221319?v=4 C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\saved-telemetry-pings\e502362f-0590-4231-ba48-6a2f9c68183bC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=33D6759C45A7DB0673D0D5E5F75012AC,SHA256=0815D2E94B8F61F13B73CA541F837267DF29DE4D5BC3E882A751155D4057F1E9,IMPHASH=AF27FA7223A9B6FE80447A0E6715E632{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000171554Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.458{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A2B7-60D0-9B10-00000000D001}6844C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171553Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.454{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171552Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.438{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171551Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.438{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171550Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.438{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171549Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.438{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A2B7-60D0-9A10-00000000D001}6832C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171548Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.438{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2B7-60D0-9A10-00000000D001}6832C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+dacfbf|C:\Program Files\Mozilla Firefox\xul.dll+dacdd5|C:\Program Files\Mozilla Firefox\xul.dll+dace21|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+3be061b|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3cc9fa|C:\Program Files\Mozilla Firefox\xul.dll+1b88c0e|C:\Program Files\Mozilla Firefox\xul.dll+d2773b|C:\Program Files\Mozilla Firefox\xul.dll+3ca586|C:\Program Files\Mozilla Firefox\xul.dll+4046a|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3 154100x8000000000000000171547Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.452{D8DCB3A2-A2B7-60D0-9A10-00000000D001}6832C:\Program Files\Mozilla Firefox\pingsender.exe89.0.1-FirefoxMozilla Foundationpingsender.exe"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/9815869a-8e9c-40b0-b217-c6217aa5f4bd/event/Firefox/89.0.1/release/20210614221319?v=4 C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\saved-telemetry-pings\9815869a-8e9c-40b0-b217-c6217aa5f4bdC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=33D6759C45A7DB0673D0D5E5F75012AC,SHA256=0815D2E94B8F61F13B73CA541F837267DF29DE4D5BC3E882A751155D4057F1E9,IMPHASH=AF27FA7223A9B6FE80447A0E6715E632{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 23542300x8000000000000000171546Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.407{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\ProgramData\Mozilla\uninstall_ping_308046B0AF4A39CB_49112669-7057-4a07-b764-51fa1145c0d6.jsonMD5=4DD0CAEDEBF394FC228F588F1A37D4BC,SHA256=72600CDBD32328133F609021F5F7F9E6778D6717DAD8F5AB066D62557B0DC05E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171545Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.376{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\session-state.jsonMD5=B08C46B12EC383AA9C3C962AF208E838,SHA256=08FF3262D269FE70E707D3E2DE35AE63B67B40CE77F2529A60ED05DE44930E3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171544Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.355{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-walMD5=96A631EFBE9E68589198FB3D6FFF8366,SHA256=555CD90105C08351B9A6CA25126A8323A56564432C3B230296DDF9D7B1883C02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171543Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.354{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=DE6FEFD64A2B0FAF2674C088E4680A61,SHA256=51896FDE08CE24F917357FE3456B6368E2D66921DF4D1D9D59AADB9FF6B7F097,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171542Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.338{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171541Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.338{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\xulstore.jsonMD5=05E1DDB4298BE4C948C3AE839859C3E9,SHA256=1C2C5D5211674C3C8473E0589085499471399E53E9A85D7DD3B075FEF6CBB6BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171540Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.338{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\webappsstore.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171539Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.323{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\cookies.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171538Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.323{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\favicons.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171537Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.323{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\places.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171536Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.307{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29dad8c|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2b46ad|C:\Program Files\Mozilla Firefox\xul.dll+3bdd62a|C:\Program Files\Mozilla Firefox\xul.dll+3b24133|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 10341000x8000000000000000171535Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.307{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29dad8c|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2b46ad|C:\Program Files\Mozilla Firefox\xul.dll+3bdd62a|C:\Program Files\Mozilla Firefox\xul.dll+3b24133|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 11241100x8000000000000000171534Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.307{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\SiteSecurityServiceState.txt2021-06-21 14:30:30.385 23542300x8000000000000000171533Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.307{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\SiteSecurityServiceState.txtMD5=2DD29942B65088A0A109ECC5E7C0CF68,SHA256=FE24548702100615FE016FA0F75270EFF9984DCA224F02F56D8A16F890F00B6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171532Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.307{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171531Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.307{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\fkt9u72t.default-release\cache2\ce_T151c2VyQ29udGV4dElkPTUsYSw=MD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171530Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.307{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\fkt9u72t.default-release\cache2\ce_T151c2VyQ29udGV4dElkPTUsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171529Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.291{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\fkt9u72t.default-release\startupCache\startupCache.8.littleMD5=94B070311BCC0202BEC9354C04F4E2E2,SHA256=29F0458A44737C4398F44D6D8CF42B0179CCFB1924E8DFC69C48BEFEEAF1CF42,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171528Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.276{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171527Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.260{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 10341000x8000000000000000171526Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.260{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 10341000x8000000000000000171525Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.260{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 10341000x8000000000000000171524Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.260{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 10341000x8000000000000000171523Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.260{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 10341000x8000000000000000171522Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.260{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 23542300x8000000000000000171521Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.260{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\sessionstore-backups\recovery.jsonlz4MD5=3E26B0CDE8A23DEFC23EFCF02D8E3384,SHA256=422DDA764FBBE61F5EB96CD252AA550C0D38C190751896CDEFC06F4D8FB02924,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171520Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.260{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\sessionstore-backups\recovery.baklz4MD5=3E31592036E7168AA81C15D75B2A1C0C,SHA256=455030ED72240DDA8AA01849405255CF671A00322108CE21C1C7D53EDD83FF20,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171519Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.259{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29fac87|C:\Program Files\Mozilla Firefox\xul.dll+daa3a9|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171518Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.255{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29fac87|C:\Program Files\Mozilla Firefox\xul.dll+daa3a9|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000171517Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.238{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171604Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.669{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A61C7A598D2F0548CDF301EB78E54024,SHA256=71781DB82E7E4F2C03E679A0EC9B09B84B1AB2E5C13B46950801A44D235F3CB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171603Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.669{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FB8332E4182B32EAA8CE57B163690788,SHA256=234B35BA662E82456C95526E11A8E682805D0D36F73CB2FD63CB1C6F37D65653,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171602Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.405{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171601Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.405{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171600Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.388{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171599Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.388{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171598Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.388{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171597Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.388{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171596Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.388{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171595Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.294{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171594Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.278{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171593Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.278{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000171592Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.185{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9CCBAD964D9CF35087397D1BB9C0CB6,SHA256=5A3E6B6E8B5F2CF2F43CDDF44AA4A26960879E6F77897560EB0EFDE4EF23EE51,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171614Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:21.544{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171613Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:21.544{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171612Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:21.544{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171611Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:21.544{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171610Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:21.544{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171609Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:21.544{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171608Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:21.544{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000171607Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:21.310{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=F460667CD7EEA380C13F39ED1A252FD6,SHA256=56FECF0B7B27AE0F15A1269F9F636930B8C4EF8F087DED327855CAE8029518B3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000171606Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.154{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50805-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000171605Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:21.200{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C984A5BA1DA33087820FC90797C7DEA,SHA256=94FC269F912CEBD0CD0614021AEE4A5CA3BF523DBD2E654478C298AFD991F8DA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171619Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:22.825{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171618Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:22.810{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171617Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:22.810{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 354300x8000000000000000171616Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.280{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-385.attackrange.local137netbios-nsfalse10.0.1.1ip-10-0-1-1.eu-central-1.compute.internal137netbios-ns 23542300x8000000000000000171615Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:22.216{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=962A93C2023859D49A113BA9C1480A52,SHA256=E36CA525E545EFD11D3C6EE417122CB5C61734E30F4585DB16F97FE9511AE254,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171628Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:23.857{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=52DAA864096D004FB7A2CCF61453F484,SHA256=840166805947EFE38AD54B656E6746963112128EAE833C1D49A1B39052DDC049,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171627Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:23.513{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A10E-60D0-A80F-00000000D001}5012C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171626Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:23.513{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A10E-60D0-A80F-00000000D001}5012C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171625Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:23.513{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A10E-60D0-A80F-00000000D001}5012C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171624Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:23.513{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A10E-60D0-A90F-00000000D001}2304C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171623Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:23.513{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A10E-60D0-A90F-00000000D001}2304C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171622Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:23.513{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A10E-60D0-A90F-00000000D001}2304C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171621Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:23.513{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A10E-60D0-A90F-00000000D001}2304C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000171620Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:23.419{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10CDD1E020F13F378B239CE9A53DB70A,SHA256=9C2EF1220B8728ED7EC0939284EF7AB21C63C3AB51E05F2A6D999FE776FAFF73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171630Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:24.825{D8DCB3A2-4534-60D0-1100-00000000D001}404NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=7DC0EBA803D877510E37084196101AC9,SHA256=E99A193C32BC73256F71BFFF341EA8AFEE0AD2A73BCBBDB490F136961F7CBD0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171629Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:24.482{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4BE5D1FF2593B35D5802607C9073299,SHA256=3648EB704D574BD1775CC677FA43D76EDA224D4EA5EEFB8F0D8BF0E627D5792A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171634Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:25.497{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A36A2F5C388922E5ED0966F23BB91367,SHA256=4F2D95EB6616983B6AB39C965AD474976DD17AF430E7C77A0599BEC62296A723,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171633Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:25.357{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171632Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:25.341{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171631Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:25.341{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000171637Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:26.513{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=674883657254F5B80409D9DDC339F94E,SHA256=5625A702D57D0652A0070C0A6AD7CE4CB66C38DE80FD73FD687E9C0BBE7130B6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000171636Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:25.217{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50807-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000171635Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:26.357{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=650C37F98D3194269313AC055634D56F,SHA256=2492BEC9383A60DB5C790E843034358B63546E866F96E1472454EA8FEFA4BB02,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171641Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:27.888{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171640Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:27.872{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171639Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:27.872{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000171638Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:27.544{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD6E32F51D1AA8F70EC8E1235A9783ED,SHA256=F17CE0C49E83358D4C48F55C11582AD1D79FCE141955060A7FC555E902738CF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171868Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.982{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xmlMD5=9608F77DB2512D1A4AE34FF96B1D8AA1,SHA256=A3B3589CD8B4CD1AC47043DB0FE3412274A1CEE764B558B44FFD8FA0D85B1066,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171867Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.982{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\git.2.32.0\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.982 23542300x8000000000000000171866Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.966{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\git.2.32.0\.argumentsMD5=CA19F80971E26BE384996F690D0D250E,SHA256=11489F31B761FEA057570062F8A18EB2F8C367972ADDABA961B5CD2D0E2CF079,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171865Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.966{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.966 23542300x8000000000000000171864Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.966{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etlMD5=C7DD7FF095DB32CFEA8586735A397FA3,SHA256=87A6388338FFA5C94A31687325F3BA5D92DFF53DDB9047B0CD7A35DD3372768D,IMPHASH=00000000000000000000000000000000false