23542300x8000000000000000168387Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:02.888{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=216CE959930A0508378FBAF5106B7938,SHA256=91AEF0D331A9BF20EC20DC36936F4B4E0D485ABEEEBC007EB45FD63C56CACCC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168388Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:03.904{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=928CA0BF9806A75CB677A95256493A5A,SHA256=0EE6AC2C735051B44B0070234B3CAAF1B7FA932DEBEB9B68942B454814AA9FE7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168389Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:04.920{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5C98662317D7B621FB5D22AC42A74E5D,SHA256=7913F74704CDA03FE07EA05D7EBD9450404B702D748C4F42086B69396B0A8965,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168391Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:05.935{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11122C8D54D2E2886D9CDD4481E7BA4E,SHA256=51413FFE5A563915B87F86D1F7009E12135EB0FD6306F98040A1FCA624326CE7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168390Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:03.083{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50699-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168392Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:06.966{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D26B8021C04C149F6979D16DE9C121F0,SHA256=D9ED65CC0A8D570871C3C144D2B5C095A5C6090ACE2C54D22056CEF673482F6B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168393Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:08.185{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B822EA0FD7B75F106043F137992A6D95,SHA256=9B476838F5F3FB9D204A3F6E22EDE281EE6350B26533C79F5A7E4528919CD7C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168394Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:09.404{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EB927F8E353457F291D0C83543958EB,SHA256=FE3F6FF3F55DE71251D25C09706B94F4991DF1652D4CD1B7C9A82A899C7F8BAF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168396Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:10.623{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FAEC9B9205102F4DFE648C27058F4D0,SHA256=D9D2A2B95B3DFE7E5333BF111A7351682D4A9105B48C00FA85D85C9D7F3F27C6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168395Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:08.192{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50700-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168397Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:11.638{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=377C93BF250F1299EAC8A63EA3489DFC,SHA256=2BE2AAC7F101A9201E3923F615851D53D9BA9AE1CBB24D81C5D45E61A0DD1C51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168398Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:12.701{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1E79C76098622DF784A36ACA593E018C,SHA256=D3B3365BA01BAB65DFE5C9DECC458513F9F4CDA8B49D53C476906E19F6664613,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168399Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:13.732{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1DE592848D9497945BD9A6DE2F1B3C9,SHA256=96C943C65D99609D65FAEC1E28D5BEBB1ECC0ABDE5A5AE9C2A6EBAA494C17C42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168409Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.826{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AF59D62AEB4F8E11570127D06EAC71C,SHA256=F0A73643A50E03D19D0B2B51FB364F08BDF37E36342886F796F359CE00185840,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168408Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.716{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-4517-60D0-0100-00000000D001}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 354300x8000000000000000168407Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:13.208{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50701-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000168406Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.638{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A1D9-60D0-1910-00000000D001}2428C:\Temp\testsysmon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168405Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.638{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A1D9-60D0-1910-00000000D001}2428C:\Temp\testsysmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168404Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.638{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A1D9-60D0-1910-00000000D001}2428C:\Temp\testsysmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168403Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.623{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1D9-60D0-1A10-00000000D001}2444C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168402Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.623{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1D9-60D0-1A10-00000000D001}2444C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168401Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.623{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1D9-60D0-1A10-00000000D001}2444C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168400Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.623{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1D9-60D0-1A10-00000000D001}2444C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168440Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.919{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=40F7B839BF37FD8D7120E40C63BF7595,SHA256=815459B6DB9A008ABA88D278D8845BE9CAE47D25A6DAF9B84725E3F36C6A1065,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168439Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.666{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C722700B929AF86365611367BFBCF76C,SHA256=678136ADA4C3FB836610FB26449E1FF12DC486F424BAB4CE2757E8B77A2CD0A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168438Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.666{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AD387F41D2DF1D8F21C523D83760CB8A,SHA256=083C7A410F3F0C70562D969D1964BDEA19DAE7DB16E2BE452BBCACD0AD64E203,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168437Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.635{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168436Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.635{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168435Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.635{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168434Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.635{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168433Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.635{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168432Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168431Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168430Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168429Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168428Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168427Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168426Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168425Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168424Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168423Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168422Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.619{D8DCB3A2-A1FF-60D0-1D10-00000000D001}46442792C:\Windows\system32\conhost.exe{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168421Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168420Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-4534-60D0-1200-00000000D001}7565500C:\Windows\System32\svchost.exe{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168419Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-4534-60D0-1200-00000000D001}7565500C:\Windows\System32\svchost.exe{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+ac96|c:\windows\system32\pcasvc.dll+aaf6|c:\windows\system32\pcasvc.dll+aab8|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168418Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-4534-60D0-1200-00000000D001}7561088C:\Windows\System32\svchost.exe{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168417Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-4534-60D0-1200-00000000D001}7561088C:\Windows\System32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168416Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168415Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168414Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168413Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168412Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168411Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.604{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564188C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\windows.storage.dll+94c4a|C:\Windows\System32\windows.storage.dll+94a02|C:\Windows\System32\SHELL32.dll+3f98d|C:\Windows\System32\SHELL32.dll+3e526|C:\Windows\System32\SHELL32.dll+802b1|C:\Windows\System32\SHELL32.dll+6724e|C:\Windows\System32\SHELL32.dll+18cf7c|C:\Windows\System32\SHELL32.dll+18ccd3|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168410Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:15.607{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Temp\testsysmon.exe" C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 354300x8000000000000000168446Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.696{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50704-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local445microsoft-ds 354300x8000000000000000168445Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.695{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50704-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local445microsoft-ds 354300x8000000000000000168444Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.594{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-385.attackrange.local50703-false10.0.1.14win-dc-385.attackrange.local389ldap 354300x8000000000000000168443Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.594{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50703-false10.0.1.14win-dc-385.attackrange.local389ldap 354300x8000000000000000168442Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.586{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50702-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local389ldap 354300x8000000000000000168441Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:14.586{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50702-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local389ldap 23542300x8000000000000000168447Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:17.062{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E462713840661D36F3C1E06179B5434,SHA256=0F671FDD6296ECF52C3E9C90835A394034E20890592B147E3E32B742D9269A8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168448Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:18.078{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2EB2473079CB359152CAEB216AB2CA6D,SHA256=A50F3FF46ABC88BF415F19058C7E821A9A65BD989C49D747A634DBE4FCDB6ACE,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000168468Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localInvDBSetValue2021-06-21 14:28:19.734{D8DCB3A2-4534-60D0-1200-00000000D001}756C:\Windows\System32\svchost.exeHKU\S-1-5-21-792582155-850038707-153534265-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Temp\testsysmon.exeBinary Data 10341000x8000000000000000168467Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.172{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168466Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.172{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168465Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.140{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168464Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.140{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168463Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.109{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A203-60D0-1F10-00000000D001}2196C:\Windows\System32\InstallAgent.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168462Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.109{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A203-60D0-1F10-00000000D001}2196C:\Windows\System32\InstallAgent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168461Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.109{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168460Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.109{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168459Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.109{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168458Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.109{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168457Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.109{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A203-60D0-1F10-00000000D001}2196C:\Windows\System32\InstallAgent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168456Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.109{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A203-60D0-1F10-00000000D001}2196C:\Windows\System32\InstallAgent.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+36dd2|c:\windows\system32\rpcss.dll+3dbed|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168455Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.109{D8DCB3A2-A203-60D0-1F10-00000000D001}2196C:\Windows\System32\InstallAgent.exe10.0.14393.4169 (rs1_release.210107-1130)InstallAgentMicrosoft® Windows® Operating SystemMicrosoft CorporationInstallAgent.exeC:\Windows\System32\InstallAgent.exe -EmbeddingC:\Windows\system32\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=88C7DCDD735B31E4F5620E4B9F38C87F,SHA256=5EF1322B96F176C4EA4B8304CAF8B45E2E42C3188AA82ED1FD6196AFC04B7297,IMPHASH=EAB6EF3DE625719627DC808B5F0501FC{D8DCB3A2-4533-60D0-0C00-00000000D001}828C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 23542300x8000000000000000168454Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.094{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6B193136B06EFA1C6C8ABA2904064BBB,SHA256=3A938C844BA42CE6D7F049D253BC2D20D926069EEF65B5A60722ECA95196BECD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168453Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.062{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168452Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.062{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168451Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.062{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168450Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.062{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168449Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.062{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+8b22|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000168471Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:19.022{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50705-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168470Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:20.109{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3103AB26328707E6267293060E4CBD72,SHA256=25C34C1EC7B9236D4ACFBA0B93DA5E732CA7D607C58B59C0482432BF12FFD7F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168469Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:20.109{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C722700B929AF86365611367BFBCF76C,SHA256=678136ADA4C3FB836610FB26449E1FF12DC486F424BAB4CE2757E8B77A2CD0A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168472Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:21.125{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=869D6EE28905A43DE1A1884F39844B6F,SHA256=91279987FDE4191DD07B8E2169A5DEF6D5E3681B3A6D7E5FE8EEB0BA3863FE06,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168473Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:22.140{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7D4BEAA28FF5CA123B0E9E2F7C135A9,SHA256=6AA8E66D602EDABBF9972130212672C3AE0A15C8F788A549A9AED30479A0E805,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168474Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:23.156{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3E4A6C0214B464174E703197D79E062F,SHA256=06CB398DEAD7F31EB54D388954DC0CA0C62B8BD68F820BA425D350F6E2406D43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168476Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:24.797{D8DCB3A2-4534-60D0-1100-00000000D001}404NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=F1D7E97F427B2FC44B4FBB2ECDA0CEAD,SHA256=76F49DC427068DD52FC933A98F08986028D602C67C8B9CA93091467BA8BDCC25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168475Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:24.172{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7A6F656B29A216ED6ADBB4042D9EC03,SHA256=30E192FCBE150F28A36016608EB6119AC6E7297F0EE1247E791C597CD54D343A,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168478Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:24.069{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50706-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168477Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:25.187{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8391ABA13B9295F1873329C423E7DE84,SHA256=0E0C6E739B161A382555C08C8B4FA4DEF275AE4DDAFDF4CFF4EF9E0B02FB1C35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168481Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:26.578{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8D10FCF212E4D8D12BA475116058D82A,SHA256=25078A85ED96A20340E0A0A83D6F43B5F22C42720AE9AD2523AD978F3FA098C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168480Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:26.578{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AF87A3EEB30CDD1C30090D346F3E2B2D,SHA256=C5C68A72B7AA616A91F69335B61F2B770AA97810937388D52E5C726267D960F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168479Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:26.187{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8D657EB1C4CF57DCF5B67540B3FB7073,SHA256=35A191357003B7C8FF14EC29C1EA3E2C22E3A64A1CEB08E5766FFBDA93D43525,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168482Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:27.203{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C4C06A0591D05042A891620C32601073,SHA256=0BD43B985E43D724F0EEDE047B9AEC6B51D0CFF5161450171CA186F346F220DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168483Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:28.219{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9F5E884E1846D42271EC4688A4B61F1E,SHA256=38D5EC3D77D4BAE36C4D6C2559B0C3F4E398093FBA1361B7934A452E49E490E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168484Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:29.234{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FF04124FAA8CF10532699A0FF6698837,SHA256=6440C79DEAEB7CE506342303FD4F8F1B3C6046509E7DE25A371DA83B42683C40,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168486Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:29.147{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50707-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168485Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:30.250{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E6BFC15B5F9C29E0B327FA3E979741D,SHA256=958939495B868D9E6360DFE7CE04BF02AD70EB6980EF0F8BEF406BB213CCB2D1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168487Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:31.265{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DED3999AE08BC1D030408D81E1B0E00F,SHA256=DD0A31D6653A588B3B2AE703B9BEC36D3699FE4827ADDA9CE16CD4BFAFE1401B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168496Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:32.359{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A210-60D0-2010-00000000D001}5724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168495Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:32.359{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168494Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:32.359{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168493Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:32.359{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168492Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:32.359{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168491Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:32.359{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A210-60D0-2010-00000000D001}5724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168490Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:32.359{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A210-60D0-2010-00000000D001}5724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168489Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:32.360{D8DCB3A2-A210-60D0-2010-00000000D001}5724C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168488Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:32.265{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BBA2CE3F99F2E3E3CCE3BD3CE181ED2,SHA256=004044C88995BCB5AFCE618B58E31C07495BC67F5DC5D0999AB7794E539DDE6B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168516Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.609{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A211-60D0-2210-00000000D001}6104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168515Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.609{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168514Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.609{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168513Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.609{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168512Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.609{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168511Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.609{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A211-60D0-2210-00000000D001}6104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168510Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.609{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A211-60D0-2210-00000000D001}6104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168509Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.611{D8DCB3A2-A211-60D0-2210-00000000D001}6104C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168508Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.406{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=841E297EDAC41031A0D8AF63788681FC,SHA256=507C3C192FD61830E64B66EF4ADA7E5576AB19A78442F486D6260E1227C3E53B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168507Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.406{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8D10FCF212E4D8D12BA475116058D82A,SHA256=25078A85ED96A20340E0A0A83D6F43B5F22C42720AE9AD2523AD978F3FA098C0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168506Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.281{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AAD91D3A15A4C0CF19B85BA38A16EA3,SHA256=F762A26D7FF32990BB3F6F951AD0E2E5C7162A5D559598EED6957148F81456BD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168505Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.203{D8DCB3A2-A211-60D0-2110-00000000D001}59804064C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168504Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.031{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A211-60D0-2110-00000000D001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168503Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.031{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168502Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.031{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168501Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.031{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168500Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.031{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168499Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.031{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A211-60D0-2110-00000000D001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168498Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.031{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A211-60D0-2110-00000000D001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168497Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:33.032{D8DCB3A2-A211-60D0-2110-00000000D001}5980C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168518Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:34.609{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=841E297EDAC41031A0D8AF63788681FC,SHA256=507C3C192FD61830E64B66EF4ADA7E5576AB19A78442F486D6260E1227C3E53B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168517Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:34.281{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB8428B3C78F742CFDCBB6CF4AFAEF29,SHA256=26477000ED59B0A50DCCA85F99D0139C0F8A06F3AFFB6F684E857302697ABB8C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168536Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.828{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A213-60D0-2410-00000000D001}860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168535Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.828{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168534Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.828{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168533Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.828{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168532Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.828{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168531Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.828{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A213-60D0-2410-00000000D001}860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168530Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.828{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A213-60D0-2410-00000000D001}860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168529Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.829{D8DCB3A2-A213-60D0-2410-00000000D001}860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000168528Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.297{D8DCB3A2-A213-60D0-2310-00000000D001}55522964C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168527Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.297{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3EF0DDB26B6ACB8F02215D811FEDE8FA,SHA256=F5E93682332FA43B90CD075A443C9E006E18DB556C8EA7E064F3220B5FB0B7B4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168526Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.156{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A213-60D0-2310-00000000D001}5552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168525Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.156{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168524Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.156{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168523Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.156{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168522Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.156{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A213-60D0-2310-00000000D001}5552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168521Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.156{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168520Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.156{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A213-60D0-2310-00000000D001}5552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168519Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.157{D8DCB3A2-A213-60D0-2310-00000000D001}5552C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000168548Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.688{D8DCB3A2-A214-60D0-2510-00000000D001}57085356C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168547Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.532{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A214-60D0-2510-00000000D001}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168546Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.532{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168545Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.532{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168544Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.532{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168543Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.532{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168542Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.532{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A214-60D0-2510-00000000D001}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168541Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.532{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A214-60D0-2510-00000000D001}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168540Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.533{D8DCB3A2-A214-60D0-2510-00000000D001}5708C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168539Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.298{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B7F7A25DAB0E278F811B5D14122047D,SHA256=908B7938F0BC6B0667038E816195D71A606FF33000C4C811BAFCD5C53453BF1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168538Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.187{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=04E0A8A3AF85E07CAD15FA029B6CB59A,SHA256=C3274F45928CD2AD88A90F6ECEEF3BB2B6E26CE2EA5174C916920F87224154B2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168537Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:36.000{D8DCB3A2-A213-60D0-2410-00000000D001}8605040C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168559Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.735{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F63FC4AA48D38678ED9EF7AD31120715,SHA256=A45D603E1A06C7D62CFEE3C6B9ED39D13292557D7DA489ABBA9450DC41D8916B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168558Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.704{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A215-60D0-2610-00000000D001}356C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168557Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.704{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168556Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.704{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168555Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.704{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168554Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.704{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168553Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.704{D8DCB3A2-4532-60D0-0500-00000000D001}408524C:\Windows\system32\csrss.exe{D8DCB3A2-A215-60D0-2610-00000000D001}356C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168552Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.704{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A215-60D0-2610-00000000D001}356C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168551Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.705{D8DCB3A2-A215-60D0-2610-00000000D001}356C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168550Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:37.298{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18C25878A45A199764A24DF4CE24C8BD,SHA256=B01D05929882BF9324FF615D0253D4B94BCDF41B8139C74411C26BCDF7E8A8BF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168549Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:35.022{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50708-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168560Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:38.314{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B03401F610ABAFF1F39AAAA059C6B3B,SHA256=5A38342610E33506D18E998D997C4FC5CACCAF409B5C15DB1B385FBF40528271,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168561Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:39.314{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE4332048B5D402092416975EA9BEDE9,SHA256=6D7883FB6EBD3D9AABAA4A6021E7F80C94FE03F30291C91CABAAE582F2A3FF01,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168562Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:40.329{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F334C60B450CBCC9C3196624D3672CC0,SHA256=668271274DD4AE2FC484E49507FB5293FF9C672B8EBA6779908239910523FF70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168563Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:41.345{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2F6BD06E480D28BD1864141CA422B656,SHA256=3EF3A71165D4188769B4AC40B689E58F1530F205DC20C96D99960AE3B1888070,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168566Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:42.360{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE955ED8867B27D61E6F74387AD9F640,SHA256=2195CB08A661199C68CE8A0E5589EDC3DF9B80F3C60C729847557034127BA362,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168565Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:40.101{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50709-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168564Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:42.173{D8DCB3A2-A118-60D0-CC0F-00000000D001}956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=536F90675D9745E5B2CE6D1A8727C2A5,SHA256=42C03B2FD5EAB9EBDFD44E3E382BBA48FD1BAF003197FBAD6E391BD3213C43D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168567Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:43.376{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B40B0D8B20C661935BA2BFB5082E0BDB,SHA256=37BA0278949FF67DE9AA98434FA177EE27E4EC3BBED2838FB1B612AF697587EA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168569Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:42.132{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50710-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000168568Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:44.392{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD613349D5F06E9208192BC97D666826,SHA256=9E78525770E3903488DC40E6F98FCB1CC868CEDAEB42F5C4E66ACD37A9EC36E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168570Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:45.407{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5DE8DE137A5BAAD945C5D93C2C670AB5,SHA256=5D35D6261EF2A2F0B17A6EC9E7A62CDA37940EB0CD3E0A89B826DEC1500E938B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168571Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:46.423{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=58C06A37838D7F0AB9AC70ECA69AE14B,SHA256=C06AEE33DF8C1941E828BB05E9216D06561655C618E8D232AE6AA0E6606131E8,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000168576Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:28:47.610{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\DFD6B7A8-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_DFD6B7A8-0000-0000-0000-100000000000.XML 13241300x8000000000000000168575Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:28:47.610{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\9421F5BD-5BA0-453C-965D-CEB3A23E49AE\Config SourceDWORD (0x00000001) 13241300x8000000000000000168574Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:28:47.610{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\9421F5BD-5BA0-453C-965D-CEB3A23E49AE\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_9421F5BD-5BA0-453C-965D-CEB3A23E49AE.XML 354300x8000000000000000168573Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:45.226{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50711-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168572Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:47.439{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3AACE2ED9A73D762A0839890F70DAF9E,SHA256=7B8422CAFB76C6AEDB1868C91BE1EE98E8259E65E4D5D8651FA61343DDF23003,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168579Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:48.642{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B1BE1C4BE2B0B063FE6936C6BB02D731,SHA256=6FDD4C8D290AC04E936AF34EDC5FD05408C7F900F137CEBAAC4E8EA2BAF30D5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168578Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:48.642{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C2B4CAF9DE98F8AD986490F060EDD533,SHA256=0A0E7C630B7EA9D4614B6107F691A841006D3E2EB3185E3131C7BD674D6E4FDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168577Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:48.454{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C21A6A13CB1ACAFB98136C0241D45EE,SHA256=68F9CB99186082DCFAE59B09AFF17F2463F044B63538FCCADBE218896F8A2A45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168586Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:49.470{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=52F0011746439C14DF1FCFED91424719,SHA256=EC6FF9F56DF1113BCBECBCD729B9C028B8269768B9A362A797641619EEDF57B1,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168585Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:47.614{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50714-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local389ldap 354300x8000000000000000168584Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:47.614{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50714-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local389ldap 354300x8000000000000000168583Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:47.605{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50713-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local389ldap 354300x8000000000000000168582Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:47.605{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50713-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local389ldap 354300x8000000000000000168581Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:47.586{D8DCB3A2-4533-60D0-0D00-00000000D001}896C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50712-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local135epmap 354300x8000000000000000168580Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:47.586{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50712-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local135epmap 10341000x8000000000000000168613Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168612Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168611Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168610Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168609Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168608Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168607Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168606Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168605Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168604Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168603Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168602Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168601Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168600Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168599Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168598Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168597Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168596Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168595Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168594Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168593Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168592Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168591Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168590Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168589Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168588Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.923{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168587Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:50.485{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEDF60FF5873215A7290DB674DEAD132,SHA256=018D3651592C2C61BA8BCB10196D092FA1627E16E354CD9A0A72E4FF85B4D8C8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168614Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:51.485{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1741BFFCEA1228072262220C407AAA9D,SHA256=A49E0385CAA57286866CBA01916AC1698293B886DA6C6940A15257CBA5EBD376,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168616Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:51.069{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50715-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168615Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:52.501{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F69691C35AC2B38DCE755A0DD382095,SHA256=01114A5576918BB20C255176D8B2D23BB710B80B18644486BEA920CEE88C0D8F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168617Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:53.501{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A057404A8533EE5E40C3B179169305A4,SHA256=E249CE120112A8C36EA66D1BB3B01C62EC61212C2BA43B39AA2966AE646592DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168618Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:54.517{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A49D09E8512364C493671C92EFC6412,SHA256=C7C791475CDC8A182F28964B1EA5BEE01947FA515F60BC1AB9DDD11264D91067,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168623Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:54.319{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50716-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 354300x8000000000000000168622Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:54.319{D8DCB3A2-4544-60D0-2700-00000000D001}2860C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50716-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 23542300x8000000000000000168621Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:55.532{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BAEF93BA206D25028A2A86D1A4F62EEF,SHA256=76F9E601C843DD5B812FA0F3B53F0F03BC122DD2D49A45D7E95AE51CB76162A3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168620Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:55.360{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=91CF4A88F57365B5A7E12EF9E06B9FDE,SHA256=41B308203339A9ADD7F52F3716335F98E9CF672FB18E735E3453519B9B09D731,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168619Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:55.360{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B1BE1C4BE2B0B063FE6936C6BB02D731,SHA256=6FDD4C8D290AC04E936AF34EDC5FD05408C7F900F137CEBAAC4E8EA2BAF30D5B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168624Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:56.547{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CCDB3B2BF2F7CB70B24F708E9AED6E5A,SHA256=CB03F91B2492B5DD1479CAE9FC00A792B9B721DC9E011E7D72CBD785DB430D3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168626Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:57.562{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=14336B00B261FF79DB772F66D66F019E,SHA256=92BFB2376DF84CEFCA544DF6369C2BCAC3E8C1CB200B476ACC155CFB44C0C970,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168625Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:56.132{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50717-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168627Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:58.781{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C191C49475678251D38B6AC372DC8E34,SHA256=33CC3ABAD1325C3E3135E8652CB8E52FBEDE5B088633FF1DAAF74EDD49FAB8B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168628Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:28:59.828{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4EACAEDF6784038CE215ADCB478CAE7A,SHA256=6AA70CAA8434F99CC8F6D63B4C7C77122CD80D749FF0B314366DFE197DA6EFAB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168629Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:01.062{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25B860984B77E9DAD5017EBEEBE38BF4,SHA256=38D055858F1C1283BC7A2919BF2CD5F21FA2E4CA2DDD95F684036241D373CE68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168630Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:02.078{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F8B33DD569AE686B4F8D2847900B8524,SHA256=9789C54895DF887A96AD9FA60358DAD80D51266B1CDD8FABC6B1BF4301939D39,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168632Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:02.052{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50718-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168631Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:03.328{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=834FE527B4E7B0BA76ACC4EB3AC53E3A,SHA256=06450C858A9E7E630B565381C4AB14A33AD8AE7B2DA01F05C7A6BF0B486199DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168633Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:04.406{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A7B7F9B7E328D2A6104F9360C05FFB5D,SHA256=63FC38B5F6C4ACFBCB4A6B33CBA3183DE618B617EB640642B4C403361FB4EBBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168634Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:05.422{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=79F5ED59702933D24CD0C7BBFDB7635A,SHA256=C4E418C888F4819215F30628F4E969A44A42BD5735239E04C7DFF3F8F9539D35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168635Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:06.594{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D5B414912CE1687B1AC25B00AD7055B9,SHA256=55EC318CB92F49871C6228883E7DA52D0C3CC239C17D9F44F47386A1B6C87513,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168636Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:07.609{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9D7551DA637FFE23A53990F07BD0C6FD,SHA256=9D647011A2D29B4E3D55C03E19EE8BD2DD455AFF275A2AD2C42AEC438E2D1F48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168637Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:08.656{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=80E9C4B5CD573E311B47F82A1CE355AB,SHA256=15014031D68405DD9E0659727530C8C759F520B3E2F7D5D272FE7C757805B719,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168639Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:09.703{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CE20D3B80C0E407E22E5F3D8E26B0FA3,SHA256=0BEE8ACD6C7A13A54E3FDAE2082E375926A3A3D9CDAA894A474DA367E139EE80,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168638Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:07.099{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50719-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168640Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:10.906{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54F197D8D4A2296D944E46F9D47DAF4C,SHA256=8EC3CC6D49E6572D03706D2899998FC9633B829E9E5AA5C1CD9B7CC3099EADDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168641Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:12.078{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B5A6E2E60BE912585AE8988E4C912702,SHA256=FFD26740F2200DE9D6AC8F92774454419C4B1FBAF85509CF8C4A9F81156FCF89,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168642Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:13.297{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=090EA6FED33FD82586EE81902833B1C4,SHA256=D1DF8B371995B54C5EACC8B851DAF7470F66124A541B13CF228F74EEEFE28BCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168643Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:14.359{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6D98725E982AC820677E914E3542EC5D,SHA256=498F99CF30C0523E58B090C95E6D253D107AEC821FF5781E73186B82D229A47C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168645Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:15.407{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F4B37420D79E8B78201183C2A341AEE,SHA256=41A4282B77DCA80F64581A5A3D826370536808984B3CC0DE216AE8DD95CCFEA4,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168644Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:13.099{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50720-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168646Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:16.412{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48A6F2434DFCBBBFD3A8189F581E3E55,SHA256=5526BF8E38BC0AC9FA2DE5832A124FC84C3860D410D6F76646F7A3EB72770B17,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168647Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:17.415{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D1FD2457C61D91FAF0307522F31F202,SHA256=F4C01C9C70A6126F9044940326BD5C9ACDA235EC06AF91DB94DCD377D8349190,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168648Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:18.650{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1F5CBE7AB7BFF9ED98F619524408808E,SHA256=753732A09C30408F3572D5C312D08D1A139C2FED978E20F0857ECDB65EA781A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168649Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:19.650{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F15A31D05EF574C1F4BEC8ABF4E4C650,SHA256=DE4F3C44A326F4830075AC6636B6A38860078C12DA53274650A228B52B7FF25B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168651Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:20.806{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1B1F4FCCD3555D53E610232A35BA66C9,SHA256=B856A9B5E6C15C0D5B8E89042C074C6BDDCEB195017AAEAD14B4D8AA537B7411,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168650Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:18.108{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50721-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168652Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:21.822{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=97FD3123969EFCB5DAE983AECAC5DE3C,SHA256=214BA1A190AAAB2E32D4BA792AD45EDE0B0C15AADC94E08B306974765379B89A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168653Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:22.853{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=313F8B316DDCBED61DA960A3EC0288D1,SHA256=89ACB1B4454094A929DD462E55EF653B9251F04C4ACA6CB0D89DA4E2EFF4EB83,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168654Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:23.869{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A41601158B78245D1D0CD3C07ABBA7F,SHA256=AEE90154ADF1EB355BC3CAB0ADD9FB8E25894927AE35CAC410FA036EBD3725A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168657Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:24.900{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95395ABAC702C0795B30C85DF3544504,SHA256=083D68A7B7CF715BFBABAF42DB5C5688CA13E4912004ACF304B8FABCAF3DD9EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168656Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:24.806{D8DCB3A2-4534-60D0-1100-00000000D001}404NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=5B2DCCFFE2D4FD6F944852909574E181,SHA256=B7DFD9595FC0CD4C40F0761B1307AFE8C09103A39B0746B6A675F5C35573719E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168655Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:23.123{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50722-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168658Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:25.900{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C46FB94BF820CF86C1CE9B2189453556,SHA256=264223D74DEFB19D33BA739159894CB65378B4F4092AE7E9611B9810F1ADB3D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168659Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:27.119{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82EB3A6F873F820DBB5707F8953491EC,SHA256=AD8354F7DAF5A7ECCC4D50E3F32B910E87C4158FCDFB888EB89AC8BAAB584C41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168660Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:28.353{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=933162B5B92C094E8E618B58267B62D3,SHA256=2A0830A6595CCEC6E5C9813A37B52FA993B7FBEBBE9BAB99494662F91C72D0BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168661Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:29.415{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=678FE21CAF023CB69A65D771BE3618F2,SHA256=D58A42D1BDD76B37B5ADB1928CAEF18AC71BE861E7508310805C95D59BD68BAE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168663Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:29.045{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50723-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168662Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:30.447{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=186B4DA2CC5E4DE96301103B01B1D892,SHA256=662BDAA541B8194EFBA230E7BF2FA0121628321FC597D803DB1FBDF55974F856,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168664Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:31.650{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4023EEE17723191DF50224D54712ED39,SHA256=F93653EEA836F8B32581928D5A76EA96013F321E3714C7878B168D1FA509B840,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168681Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.962{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A24C-60D0-2810-00000000D001}2896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168680Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.962{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168679Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.962{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168678Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.962{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168677Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.962{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168676Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.962{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A24C-60D0-2810-00000000D001}2896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168675Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.962{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A24C-60D0-2810-00000000D001}2896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168674Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.963{D8DCB3A2-A24C-60D0-2810-00000000D001}2896C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168673Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.681{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E7E3AA55E6ED9B75E76519D08EDFC180,SHA256=F6A7894084463F69F64B72A3B25F751FF4D79C51B59D9A9C35756DDE7D507257,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168672Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.353{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A24C-60D0-2710-00000000D001}5300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168671Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.353{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168670Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.353{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168669Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.353{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168668Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.353{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168667Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.353{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A24C-60D0-2710-00000000D001}5300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168666Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.353{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A24C-60D0-2710-00000000D001}5300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168665Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:32.354{D8DCB3A2-A24C-60D0-2710-00000000D001}5300C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168693Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.915{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BE1946C26EE3B756D8B362ADA06366DE,SHA256=DD5FA10062E1796945D0976615D2572416EF4D25FDC7D342D97278CFE3539652,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168692Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.603{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A24D-60D0-2910-00000000D001}5196C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168691Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.603{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168690Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.603{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168689Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.603{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168688Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.603{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168687Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.603{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A24D-60D0-2910-00000000D001}5196C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168686Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.603{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A24D-60D0-2910-00000000D001}5196C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168685Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.604{D8DCB3A2-A24D-60D0-2910-00000000D001}5196C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168684Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.384{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=22A1A5DE151B7B51F6A8C02C7DDDF3F9,SHA256=6925D6D2310D51E6AF5E5BC91AFD31C047EFE773A2BB6287E6155A7B7102B019,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168683Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.384{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=91CF4A88F57365B5A7E12EF9E06B9FDE,SHA256=41B308203339A9ADD7F52F3716335F98E9CF672FB18E735E3453519B9B09D731,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168682Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:33.134{D8DCB3A2-A24C-60D0-2810-00000000D001}28965732C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168694Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:34.837{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=22A1A5DE151B7B51F6A8C02C7DDDF3F9,SHA256=6925D6D2310D51E6AF5E5BC91AFD31C047EFE773A2BB6287E6155A7B7102B019,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168714Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.931{D8DCB3A2-A24F-60D0-2B10-00000000D001}9764712C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168713Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.775{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A24F-60D0-2B10-00000000D001}976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168712Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.775{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168711Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.775{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168710Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.775{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168709Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.775{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168708Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.775{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A24F-60D0-2B10-00000000D001}976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168707Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.775{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A24F-60D0-2B10-00000000D001}976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168706Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.775{D8DCB3A2-A24F-60D0-2B10-00000000D001}976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000168705Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:34.232{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50724-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000168704Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.275{D8DCB3A2-A24F-60D0-2A10-00000000D001}61124328C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168703Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.103{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A24F-60D0-2A10-00000000D001}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168702Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.103{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168701Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.103{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168700Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.103{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168699Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.103{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168698Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.103{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A24F-60D0-2A10-00000000D001}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168697Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.103{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A24F-60D0-2A10-00000000D001}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168696Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.104{D8DCB3A2-A24F-60D0-2A10-00000000D001}6112C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168695Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:35.009{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1E0B75A4D2A27D3A0D8B1E822C86DC9,SHA256=98E2FBF5A52DFAD86B730F522B1651474893734C038DF0636767F71B32526E53,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168725Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.633{D8DCB3A2-A250-60D0-2C10-00000000D001}8365912C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168724Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.492{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A250-60D0-2C10-00000000D001}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168723Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.492{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168722Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.492{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168721Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.492{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168720Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.492{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168719Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.492{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A250-60D0-2C10-00000000D001}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168718Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.492{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A250-60D0-2C10-00000000D001}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168717Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.493{D8DCB3A2-A250-60D0-2C10-00000000D001}836C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168716Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.181{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=98A46726DA55EF0337F8BE70ACD6C090,SHA256=254D0DFB46B0F8E3AB8F8824E3ED9C28DF9041B1EE79AE663F0C04C69FCA11C6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168715Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:36.025{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA7C94B230A111E2982F1EDC88D6CA34,SHA256=3F76B4D1C9145A0BA786F27313918EC002F1C4E21332E71C7EAF879ECAD16330,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168735Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.696{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A251-60D0-2D10-00000000D001}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168734Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.696{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168733Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.696{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168732Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.696{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168731Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.696{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168730Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.696{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A251-60D0-2D10-00000000D001}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168729Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.696{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A251-60D0-2D10-00000000D001}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168728Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.696{D8DCB3A2-A251-60D0-2D10-00000000D001}4116C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000168727Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.633{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DFA7514B99640ECDF346E543581E08DB,SHA256=69A2DB266CB26C462782B0A36C982E55CC5FBA72E35C5839D5334B21C481836B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168726Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:37.039{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB242BF6C120B935E463467D77DEC9C2,SHA256=5E1CEE0B227964A858DD5E4E8038B00095D726BC47971A6D43A2138AB865FD93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168737Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:38.758{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3B74335C1BDB0C64B4C6CB00A0AB255D,SHA256=E476EBE5B43FAB19EA1CF8C9A4D1E4B7D8E737F3DBD4B1B9832C56A442EA5CA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168736Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:38.055{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7956E33C3DED0B53A176575F4289227D,SHA256=6FDA2B1CF47B9B23252E53780746E84C013B4A222CCE450BA07E77D7D1D095C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168738Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:39.055{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=47DB70013C4E8C5D14A5892BECFC0CA9,SHA256=179CF1107A6012FB91A18F30D0C779E10861A07BA0E672D7671FCA415A35A2CA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168742Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:40.524{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168741Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:40.524{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168740Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:40.524{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168739Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:40.071{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D8150DFECBE943EFC8887A95EFB2ED0,SHA256=2B97FB8E58768EAE7EBEB827DCB021A284F7685918CDEB78C167C47A91EF9622,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168749Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:40.184{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50725-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168748Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:41.071{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=89632A7661DFC3B423EE4851778656A6,SHA256=E95B1062081129AFDBCA115F5F7C6A20834242980EFE4744ECC6B2F1653BC2BB,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000168747Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:29:41.039{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXEHKU\S-1-5-21-792582155-850038707-153534265-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{B8CDCB65-B1BF-4B42-9428-1DFDB7EE92AF} {000214E4-0000-0000-C000-000000000046} 0xFFFFBinary Data 10341000x8000000000000000168746Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:41.024{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168745Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:41.024{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168744Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:41.024{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168743Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:41.024{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168751Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:42.196{D8DCB3A2-A118-60D0-CC0F-00000000D001}956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=536F90675D9745E5B2CE6D1A8727C2A5,SHA256=42C03B2FD5EAB9EBDFD44E3E382BBA48FD1BAF003197FBAD6E391BD3213C43D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168750Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:42.086{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDD4608DB74084FF0E387990174F1593,SHA256=4FF8C6F653B10D7216E3A2726C8580AEF961F7B61C174A28AC419ACA77D0D6EB,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168776Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:42.153{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50726-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 10341000x8000000000000000168775Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.352{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168774Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168773Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168772Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168771Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168770Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168769Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168768Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168767Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168766Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168765Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168764Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168763Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168762Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.321{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168761Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.242{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168760Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.242{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168759Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.227{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168758Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.227{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168757Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.227{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168756Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.227{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168755Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.227{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168754Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.227{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856648C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\7-Zip\7-zip.dll+4f38|C:\Program Files\7-Zip\7-zip.dll+61c5|C:\Program Files\7-Zip\7-zip.dll+698e|C:\Program Files\7-Zip\7-zip.dll+6aa9|C:\Program Files\7-Zip\7-zip.dll+8771|C:\Windows\System32\SHELL32.dll+80337|C:\Windows\System32\SHELL32.dll+6724e|C:\Windows\System32\SHELL32.dll+16d60c|C:\Windows\System32\SHELL32.dll+19e7e8|C:\Windows\System32\SHELL32.dll+2844a3|C:\Windows\system32\explorerframe.dll+13cf7b|C:\Windows\system32\explorerframe.dll+139d07|C:\Windows\System32\SHELL32.dll+16d8b0|C:\Windows\System32\SHELL32.dll+16ad2e|C:\Windows\System32\SHELL32.dll+737a1|C:\Windows\System32\SHELL32.dll+76686|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11d7b|C:\Windows\System32\DUser.dll+17b15|C:\Windows\SYSTEM32\atlthunk.dll+1026 154100x8000000000000000168753Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.230{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe19.007-Zip GUI7-ZipIgor Pavlov7zg.exe"C:\Program Files\7-Zip\7zG.exe" x -o"C:\Temp\" -an -ai#7zMap32200:48:7zEvent28956C:\Windows\system32\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=04FB3AE7F05C8BC333125972BA907398,SHA256=2FB898BACB587F2484C9C4AA6DA2729079D93D1F923A017BB84BEEF87BF74FEF,IMPHASH=9CF6F80DD6DFE9900700C1E11C318B2A{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x8000000000000000168752Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:43.102{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D994A9BF435EE805879543F8736BB20F,SHA256=D561931541DD7ADE0C3A2A2B3CE64EFD45A11ADEC3C8A56407E8255719AB8693,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168779Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:44.227{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3AA4AD5B4882428EAD38007736F06B9E,SHA256=DD2AEE150AB1325D4D5402A5E43B4055E3388EEC0E3F0F0A25C22593B99B07E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168778Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:44.227{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5CD092EC2C27D71EF90622C176A4E2FC,SHA256=8F8EE8E6F6ED616D16F6AF8A56FC3BC3EA37BA87432E447C5A2DD36D3B1CD80D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168777Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:44.117{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=285971F6FC6E37009253BCC2807833CE,SHA256=7673C51B1156AF7FCCE3A434FFACEE8AB5CCE1A60FA3468F4FBA6471920E301D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168783Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:45.602{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168782Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:45.602{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168781Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:45.602{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A257-60D0-2E10-00000000D001}5268C:\Program Files\7-Zip\7zG.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168780Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:45.133{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1447AE13D4D73CB175C7FF088806B8B,SHA256=AB2EA0457E7022479E14AD3FA686533E6E0BB07B070CBD1EBC4C2223F53E9B68,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168784Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:46.149{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE4DDBA9D08841C5401DB55EF22B3D30,SHA256=837CDB2E915AAA11BAE845CE4274EA392EC37927EADD95438AEC213BC556012E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168786Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:47.164{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=264A19B00DC0ED6607343F81F440BA64,SHA256=D38663BD34179D218C131837579DA9863340AFFB02AAB26FC715230D4F90B5BD,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168785Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:45.184{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50727-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168787Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:48.164{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFCEE2E48F02EB89511F59730C9B3AE0,SHA256=72FC4FC5F098652BFF7CA2D41380C6E55780C5089A7429397462654B5FC47E45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168788Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:49.180{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=721D68D2DBC483B68BF5B9193EB634E0,SHA256=7DA511E49107C62116127E8E3A781149474FB4BE3A82116CB35A25F52F5F1CFF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168789Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:50.196{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=69BCA665C3979AD4056CA7BBD0D29F65,SHA256=FA439C04B02BDC8DABEC28A3CEC5E226C59833D526C938B100F3981D43977065,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168790Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:51.211{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2786ECFC752EA1764F121F21B80E1DCF,SHA256=3D77BD5F3EC82F3440FD492BD8C2D60A9563F39F33906B402473EF7EC979FC20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168791Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:52.227{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=23272999AA111814C67009AD65E9B71F,SHA256=0769F7879B7454F742FB7FFA05873D126872C50102FB4C60E6063FCB3A8E62E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168793Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:53.242{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1A6985E6EB96CB4C690B1BE9A37510E1,SHA256=204DA75C2027E9E57FA77AC237C048DCF39B3150767204136A17F0AB06473C66,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168792Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:51.074{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50728-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168794Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:54.258{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E139F6C807AA94F27B3B0E35AB8A6DC,SHA256=AFEA273F623BEFE17709EC502ADE20E34998635E2511D0C5B04ABF0F63DE7287,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168797Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:55.367{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=013B2AE15F84725E9C5DE45CE9442454,SHA256=F6B050635FDE5F13EA9055FBFDF8A0E67067F34F69F5F5B493A06777B92107F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168796Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:55.367{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3AA4AD5B4882428EAD38007736F06B9E,SHA256=DD2AEE150AB1325D4D5402A5E43B4055E3388EEC0E3F0F0A25C22593B99B07E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168795Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:55.274{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BF8FA333517D34848E89E8707E5753F0,SHA256=AF340446678C6C661C39042491B9441D7EE74EB378AC11760EF3C5F60DA776B2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168800Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:56.278{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4AD0370FB0FBFF2E844BBD430B1D14C2,SHA256=8F33DF287DCFF3498166DBF4562C86440C83916AF100642D995BF01174E4BC7B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168799Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:54.325{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50729-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 354300x8000000000000000168798Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:54.325{D8DCB3A2-4544-60D0-2700-00000000D001}2860C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50729-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 23542300x8000000000000000168801Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:57.419{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A411740078AEB7EAE90BAFCE542E7973,SHA256=5AF2AD3B367259138AA5276B6FA0EFA45D656C6C13D87AB0F18F4E38A3B072FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168803Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:58.544{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A991A52A212DD07FF8BE49B88822AB13,SHA256=02B4972A08941848890DA22B35F55494032EAA07B7BEFC16C206C561160BF6C5,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168802Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:56.168{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50730-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168804Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:29:59.575{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BC63D561B4613C62579E68FD31FB984,SHA256=413ADEEC95A1F0EC25982B90A4D5C5804E19586FB2996BFE21202202231C2B13,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168805Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:00.591{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C31B82178E534D76ED6C7CFDCB2A7E8,SHA256=E90A81D0C7E25ADB5BB6248DCC37689397CDD8ACF032E956A42038377FF47855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168806Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:01.732{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA8A90E24B8673DB0EC6B449C89DFFD3,SHA256=D8B0E8B50BF75368C4DB386F6E8987369A02F6B2827FE0566687E6D7A4CE2F57,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168807Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:02.732{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B11AAC5DFCC5F9219BB0FE724B0994D7,SHA256=8591038F28AB070DAB17935111E4CE7AE433B6D986583E3D55CCD5C0E11F8F52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168808Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:03.950{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B64B3DB31F59D4AAD16D3083101C563A,SHA256=7B1583FF73AC5143A7693CDE32D69C7E2078707D18A461B92EB52E0C0ADF8564,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168809Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:02.157{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50731-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168810Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:05.044{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EB0974ECFDEE928DD2958DE46C22CF37,SHA256=8EDEEF968B133AA0D9A7D38B9B8463CB56EDDF669434659E540A99EEBC48AAAC,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000168812Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:04.904{D8DCB3A2-4534-60D0-1000-00000000D001}412wpad9003-C:\Windows\System32\svchost.exe 23542300x8000000000000000168811Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:06.091{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=86823821780045F291B7FE9B19043417,SHA256=E03A91A494F452B6EC3679801BA1482F94939CF8212510EC96257C344B6532DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168813Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:07.200{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5A78D377B9A61E3505390441401AA05F,SHA256=D68E0B109A77E7046904E8065775AA281A2D9FAF81A3C1DFDC46B86F81184746,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168814Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:08.435{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=427F16C086C8A08700CBE7BDE08582F9,SHA256=93912E887D740CD61228FBF81E72857ECFC1314921413FBE5FEC73F6C01C2F5C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168816Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:07.172{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50732-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168815Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:09.466{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=131EB8B1DF725F5F9059F4BA2CFE83A4,SHA256=BED823F83D7E6957A164A644531BA56921AAB00491DC947DDAFADAECBA7A277D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168817Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:10.482{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=48EF033A0DD6FA0AF5A5A83E2BDADD8E,SHA256=82430465776B47A42CAB6895119B73B5BE37EEA1064499367E89F2E081CB6F28,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168818Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:11.716{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=732BE4594E28BDDCDB956924BAC16ECE,SHA256=ADDF3580B8C0A15B5C16A19907F4DEC0446E4EE41998DFE629925822F86D89CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168819Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:12.825{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3F9D80D7EDEA61D2B2933BBBAD0A8352,SHA256=36EE66ADC7548F0C06086379774A1D761F0B6792D00E557B73471B88C382B431,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168820Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:13.747{D8DCB3A2-4533-60D0-0D00-00000000D001}8965764C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9600-00000000D001}4280C:\Windows\System32\rdpclip.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+b4d7|c:\windows\system32\rpcss.dll+8257|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168821Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:14.044{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9839CA86CBE7FFA82582B3A2864FFAAB,SHA256=148A5EDC23208CB9890D904B31A30178D371B3FD71DC06538B1815EB4F8A27DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168822Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:15.060{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=68513CE1CD4131078B5E88F852554D86,SHA256=E6EE5FFE5F79DFA350DFBD41671C001BDE912AA3A87AC1AC270781DF831849D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168824Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:16.110{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A352C93F94050F2AEB05A87E07392C3B,SHA256=38D5907F0FD1A1AD89B00E35CB86680A789C42FA2149C14A57CED984CB31AA4F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168823Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:13.047{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50733-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168825Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:17.210{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8470CCFCDA2167DDE794834473E33E57,SHA256=804FB0D60E1FEEE13A5004720009DDA0BD8B36AEE9A80A887F09488A81083A64,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168826Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:18.431{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5AAF2145CB960C0E3C830BDE318C36B1,SHA256=D13CA111E02761D267014E9A856892AB7D14BE5467890F2DD2198D1F677C3244,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000168828Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:18.184{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50734-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168827Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:19.432{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C861733A177E735B3792708FF260CA83,SHA256=ECC01A5C1491AA3EF7EC34B0657E5F22FFCDD8CE7BEC2A8E5C2830446B23480F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168829Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:20.542{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26F8AE1B107E03D6AA53F2E03465A066,SHA256=F5DCF006021CF88907B50F3674F6DF313DEE0333A2D39F6335D5A63114D8AE3B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168830Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:21.541{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5948DF4AFB210A698AC941490C14B177,SHA256=E32D16B4ABA81B01B78CD2E29A378DB31E987836679630B5B1AF486A0BFE4BF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168831Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:22.556{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5124BDE0069E4B35FE5C9AEFD196838C,SHA256=049F971028EA85719D6490DBA8F8E317ED0341B2ACDBCBCA24E497E6BB99964B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168832Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:23.572{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=53AA5D6C2963191799224D4D4BC488BF,SHA256=72F139968133E9CDAC0940DFA1F90D6043C9E06E3CBF4004196CC1C888DA78C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168853Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.822{D8DCB3A2-4534-60D0-1100-00000000D001}404NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=EB525BBA7C5F4567A72FAB1CDBBF7CA5,SHA256=CC3636D9EFA2893044CECD51204528A38E61C84A97BF88397CA613D5ABFAEB09,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168852Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.588{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5CA16A8A90A9514DA5E85038A33E9D98,SHA256=49ABF02D3142A3C403F493670E7DD6F177198776B2689BF49CFC029A2A825B20,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168851Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.557{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A280-60D0-2F10-00000000D001}3780C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+5112|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168850Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.510{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168849Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.494{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168848Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.494{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168847Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.494{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168846Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.494{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168845Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.494{D8DCB3A2-A280-60D0-2F10-00000000D001}37803232C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+660c|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168844Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.506{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A280-60D0-2F10-00000000D001}3780C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000168843Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.494{D8DCB3A2-A280-60D0-2F10-00000000D001}37803232C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+5112|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000168842Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localInvDBSetValue2021-06-21 14:30:24.478{D8DCB3A2-4534-60D0-1200-00000000D001}756C:\Windows\System32\svchost.exeHKU\S-1-5-21-792582155-850038707-153534265-500\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Store\C:\Program Files\Mozilla Firefox\firefox.exeBinary Data 10341000x8000000000000000168841Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.463{D8DCB3A2-4534-60D0-1200-00000000D001}7561088C:\Windows\System32\svchost.exe{D8DCB3A2-A280-60D0-2F10-00000000D001}3780C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168840Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.463{D8DCB3A2-4534-60D0-1200-00000000D001}7561088C:\Windows\System32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168839Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.463{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168838Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.463{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168837Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.463{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168836Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.463{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168835Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.463{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A280-60D0-2F10-00000000D001}3780C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168834Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.463{D8DCB3A2-45EA-60D0-9F00-00000000D001}48562564C:\Windows\Explorer.EXE{D8DCB3A2-A280-60D0-2F10-00000000D001}3780C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\windows.storage.dll+94c4a|C:\Windows\System32\windows.storage.dll+94a02|C:\Windows\System32\SHELL32.dll+3f98d|C:\Windows\System32\SHELL32.dll+3e526|C:\Windows\System32\SHELL32.dll+802b1|C:\Windows\System32\SHELL32.dll+6724e|C:\Windows\System32\windows.storage.dll+11a32|C:\Windows\System32\windows.storage.dll+11729|C:\Windows\System32\windows.storage.dll+115ff|C:\Windows\System32\SHELL32.dll+80337|C:\Windows\System32\SHELL32.dll+6724e|C:\Windows\System32\SHLWAPI.dll+e1f7 154100x8000000000000000168833Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.456{D8DCB3A2-A280-60D0-2F10-00000000D001}3780C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 10341000x8000000000000000168864Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.978{D8DCB3A2-4532-60D0-0500-00000000D001}408524C:\Windows\system32\csrss.exe{D8DCB3A2-A281-60D0-3110-00000000D001}3396C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168863Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.978{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A281-60D0-3110-00000000D001}3396C:\Windows\system32\wbem\wmiprvse.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+36349|c:\windows\system32\rpcss.dll+3bb32|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168862Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.978{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168861Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.978{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168860Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.978{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168859Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.869{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168858Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.869{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168857Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.869{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000168856Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.588{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9B75140B0610A6D7A70A5D01B26038FF,SHA256=5271FA6A63FAA6466DC5CCF7F4A231E1629661EA947C53270BA86072A939E72D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168855Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.478{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DF775A7E8E63DF0C3A166342B87C53F5,SHA256=A36CC80C94139F393BE8B71D2E216030E6262941498285A664C024DFE0C64F48,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168854Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.478{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=013B2AE15F84725E9C5DE45CE9442454,SHA256=F6B050635FDE5F13EA9055FBFDF8A0E67067F34F69F5F5B493A06777B92107F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169113Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.994{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DF775A7E8E63DF0C3A166342B87C53F5,SHA256=A36CC80C94139F393BE8B71D2E216030E6262941498285A664C024DFE0C64F48,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169112Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.978{D8DCB3A2-A280-60D0-3010-00000000D001}38761120C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+121816c|C:\Program Files\Mozilla Firefox\xul.dll+1321541|C:\Program Files\Mozilla Firefox\xul.dll+1f85e1|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+4117c|C:\Program Files\Mozilla Firefox\xul.dll+3f5ef|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169111Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.978{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=99E3F2D711D32708A5340558565AD1E5,SHA256=C277DECCB033004B61883FA72E878A1C7794F5EBC0C35E5998879B6F8C47B370,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169110Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.963{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169109Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.19.71512234C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169108Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.18.70820490C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169107Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.963{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169106Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.17.1185882C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169105Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.15.90127878C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169104Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.16.165603562C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169103Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.14.105353657C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169102Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.20.122210486C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169101Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}38763008C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169100Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}3876\gecko-crash-server-pipe.3876C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169099Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.963{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.5604.3.111652418C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169098Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.963{D8DCB3A2-A282-60D0-3410-00000000D001}5604\chrome.5604.3.111652418C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169097Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.963{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169096Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.947{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169095Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.947{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.5604.2.109921930C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169094Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.947{D8DCB3A2-A282-60D0-3410-00000000D001}5604\chrome.5604.2.109921930C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169093Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.947{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.5604.1.10061262C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169092Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.947{D8DCB3A2-A282-60D0-3410-00000000D001}5604\chrome.5604.1.10061262C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169091Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.947{D8DCB3A2-A282-60D0-3410-00000000D001}5604\chrome.5604.0.142768412C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169090Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.947{D8DCB3A2-A282-60D0-3410-00000000D001}5604\chrome.5604.0.142768412C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169089Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169088Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169087Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169086Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+12e2659|C:\Program Files\Mozilla Firefox\xul.dll+29dfb84|C:\Program Files\Mozilla Firefox\xul.dll+12bdf42|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+da22ae|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000169085Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\cubeb-pipe-3876-1C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169084Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\cubeb-pipe-3876-1C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169083Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761120C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+121816c|C:\Program Files\Mozilla Firefox\xul.dll+1321541|C:\Program Files\Mozilla Firefox\xul.dll+1f85e1|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+4117c|C:\Program Files\Mozilla Firefox\xul.dll+3f5ef|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169082Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+12e2659|C:\Program Files\Mozilla Firefox\xul.dll+29dfb84|C:\Program Files\Mozilla Firefox\xul.dll+12bdf42|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+da22ae|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000169081Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\cubeb-pipe-3876-0C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169080Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\cubeb-pipe-3876-0C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169079Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.26.10555678C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169078Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.25.103014797C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169077Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305da1|C:\Program Files\Mozilla Firefox\xul.dll+1866c31|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000169076Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.24.127915752C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169075Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ca1|C:\Program Files\Mozilla Firefox\xul.dll+1866a4e|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000169074Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.23.182595785C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169073Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ba1|C:\Program Files\Mozilla Firefox\xul.dll+1866894|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000169072Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.22.188573075C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169071Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305aa1|C:\Program Files\Mozilla Firefox\xul.dll+18666d5|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000169070Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.21.111821617C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169069Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d4540|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3 10341000x8000000000000000169068Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169067Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169066Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169065Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169064Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169063Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169062Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169061Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169060Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169059Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169058Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169057Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169056Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000169055Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+29d41de|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169054Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+29d41d3|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862 10341000x8000000000000000169053Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+29d41d3|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862 10341000x8000000000000000169052Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.931{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+29d41d3|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862 10341000x8000000000000000169051Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.916{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+29d4155|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba 10341000x8000000000000000169050Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.916{D8DCB3A2-A280-60D0-3010-00000000D001}38764184C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169049Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.916{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169048Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.916{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169047Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.916{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169046Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.916{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169045Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.916{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169044Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.916{D8DCB3A2-A280-60D0-3010-00000000D001}38764516C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+4325b|C:\Program Files\Mozilla Firefox\firefox.exe+24808|C:\Program Files\Mozilla Firefox\xul.dll+cff80a|C:\Program Files\Mozilla Firefox\xul.dll+12158e4|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169043Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.925{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.20.1222104863\1771910942" -childID 3 -isForBrowser -prefsHandle 2932 -prefMapHandle 2928 -prefsLen 1808 -prefMapSize 232815 -parentBuildID 20210614221319 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 2944 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2LowMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 23542300x8000000000000000169042Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.916{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=348CD1716FDAD4BF93EB4CE2A4317986,SHA256=CD6352ED322B6070BAC668E3B217E7B6DE05FD83C6FA8885E7EE2FC693487725,IMPHASH=00000000000000000000000000000000falsetrue 17141700x8000000000000000169041Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.916{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.20.122210486C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169040Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.900{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169039Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.900{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169038Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.900{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.13.174501231C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169037Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.900{D8DCB3A2-A280-60D0-3010-00000000D001}38763008C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169036Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.900{D8DCB3A2-A280-60D0-3010-00000000D001}3876\gecko-crash-server-pipe.3876C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169035Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.885{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000169034Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.19.71512234C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169033Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.18.70820490C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169032Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305da1|C:\Program Files\Mozilla Firefox\xul.dll+1866c31|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 17141700x8000000000000000169031Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.17.1185882C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169030Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ca1|C:\Program Files\Mozilla Firefox\xul.dll+1866a4e|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 17141700x8000000000000000169029Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.16.165603562C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169028Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ba1|C:\Program Files\Mozilla Firefox\xul.dll+1866894|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 17141700x8000000000000000169027Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.15.90127878C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169026Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305aa1|C:\Program Files\Mozilla Firefox\xul.dll+18666d5|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 17141700x8000000000000000169025Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.14.105353657C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169024Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d4540|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed|C:\Program Files\Mozilla Firefox\xul.dll+3b146d4|C:\Program Files\Mozilla Firefox\xul.dll+1055ba 10341000x8000000000000000169023Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169022Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169021Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169020Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169019Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169018Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169017Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169016Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169015Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169014Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169013Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169012Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169011Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169010Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+29d41de|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed|C:\Program Files\Mozilla Firefox\xul.dll+3b146d4 10341000x8000000000000000169009Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+29d41d3|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed 10341000x8000000000000000169008Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+29d41d3|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed 10341000x8000000000000000169007Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+29d4155|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed|C:\Program Files\Mozilla Firefox\xul.dll+3b146d4|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1076ed 10341000x8000000000000000169006Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.869{D8DCB3A2-A280-60D0-3010-00000000D001}38764184C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169005Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.853{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169004Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.853{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169003Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.853{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169002Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.853{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169001Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.853{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169000Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.853{D8DCB3A2-A280-60D0-3010-00000000D001}38764516C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+4325b|C:\Program Files\Mozilla Firefox\firefox.exe+24808|C:\Program Files\Mozilla Firefox\xul.dll+cff80a|C:\Program Files\Mozilla Firefox\xul.dll+12158e4|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168999Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.858{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.13.1745012312\1609852241" -childID 2 -isForBrowser -prefsHandle 2736 -prefMapHandle 2732 -prefsLen 1768 -prefMapSize 232815 -parentBuildID 20210614221319 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 2740 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2LowMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 18141800x8000000000000000168998Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.853{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.12.4022916C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168997Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.853{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.11.155261098C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168996Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.853{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.10.163635055C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168995Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.853{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.8.132935352C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168994Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.853{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.9.176308918C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168993Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.853{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.7.162402058C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168992Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.853{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.2836.3.42085217C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168991Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.853{D8DCB3A2-A282-60D0-3310-00000000D001}2836\chrome.2836.3.42085217C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168990Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.853{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168989Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.853{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000168988Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.838{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.13.174501231C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168987Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.838{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.2836.2.191079763C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168986Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.838{D8DCB3A2-A282-60D0-3310-00000000D001}2836\chrome.2836.2.191079763C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168985Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.838{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.2836.1.168249048C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168984Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.838{D8DCB3A2-A282-60D0-3310-00000000D001}2836\chrome.2836.1.168249048C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168983Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.838{D8DCB3A2-A282-60D0-3310-00000000D001}2836\chrome.2836.0.30736359C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168982Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.838{D8DCB3A2-A282-60D0-3310-00000000D001}2836\chrome.2836.0.30736359C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168981Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.838{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f85e|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f 10341000x8000000000000000168980Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.838{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f837|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f 10341000x8000000000000000168979Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.838{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f80c|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f 10341000x8000000000000000168978Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.838{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168977Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.838{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168976Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.791{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168975Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.775{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000168974Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.775{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.6.15490439C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168973Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.775{D8DCB3A2-A280-60D0-3010-00000000D001}38763008C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000168972Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.775{D8DCB3A2-A280-60D0-3010-00000000D001}3876\gecko-crash-server-pipe.3876C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168971Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.775{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a 10341000x8000000000000000168970Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.775{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2 10341000x8000000000000000168969Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.775{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a 10341000x8000000000000000168968Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.775{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2 10341000x8000000000000000168967Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.775{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 10341000x8000000000000000168966Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.775{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 17141700x8000000000000000168965Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.12.4022916C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168964Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.760{D8DCB3A2-A282-60D0-3210-00000000D001}4768\chrome.4768.0.207667644C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168963Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.760{D8DCB3A2-A282-60D0-3210-00000000D001}4768\chrome.4768.0.207667644C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168962Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.11.155261098C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168961Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305da1|C:\Program Files\Mozilla Firefox\xul.dll+1866c31|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000168960Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.10.163635055C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168959Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ca1|C:\Program Files\Mozilla Firefox\xul.dll+1866a4e|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000168958Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.9.176308918C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168957Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ba1|C:\Program Files\Mozilla Firefox\xul.dll+1866894|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000168956Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.8.132935352C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168955Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305aa1|C:\Program Files\Mozilla Firefox\xul.dll+18666d5|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000168954Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.7.162402058C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168953Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.760{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d4540|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3 10341000x8000000000000000168952Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168951Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168950Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168949Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168948Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168947Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168946Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168945Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168944Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168943Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168942Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168941Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168940Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000168939Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+29d41de|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000168938Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+29d4155|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba 10341000x8000000000000000168937Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38764184C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168936Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168935Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168934Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168933Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168932Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168931Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.744{D8DCB3A2-A280-60D0-3010-00000000D001}38764516C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+4325b|C:\Program Files\Mozilla Firefox\firefox.exe+24808|C:\Program Files\Mozilla Firefox\xul.dll+cff80a|C:\Program Files\Mozilla Firefox\xul.dll+12158e4|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168930Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.749{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.6.154904399\1720219803" -childID 1 -isForBrowser -prefsHandle 2416 -prefMapHandle 2412 -prefsLen 1626 -prefMapSize 232815 -parentBuildID 20210614221319 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 2428 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2LowMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000168929Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.6.15490439C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168928Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f85e|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2d82159|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9 10341000x8000000000000000168927Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f837|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2d82159|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9 10341000x8000000000000000168926Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f80c|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2d82159|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9 18141800x8000000000000000168925Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.5.16402344C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168924Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+130565f|C:\Program Files\Mozilla Firefox\xul.dll+1865196|C:\Program Files\Mozilla Firefox\xul.dll+57ee7f|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2d82159|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7 18141800x8000000000000000168923Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.4.12834345C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168922Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.5.16402344C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168921Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+13054bf|C:\Program Files\Mozilla Firefox\xul.dll+1864ff1|C:\Program Files\Mozilla Firefox\xul.dll+57ee77|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2d82159|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7 17141700x8000000000000000168920Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.4.12834345C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000168919Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.3.49702394C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168918Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+130531f|C:\Program Files\Mozilla Firefox\xul.dll+1864dea|C:\Program Files\Mozilla Firefox\xul.dll+57ee6f|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2d82159|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7 17141700x8000000000000000168917Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.728{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.3.49702394C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000168916Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.603{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-walMD5=E09136CD6CF3399BBB95A31CBD265C61,SHA256=531A4098C5893297AFB034D906D559C4CADC17FE6F98B541693FF3FEDB510E35,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168915Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.603{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmMD5=85DE0B4457ABAAA7F60F8199BE5C5CA4,SHA256=1DCCAAD75A427108F41BC850B80DCAF8E40CDAEBD27E6A148DA5B99380D1637A,IMPHASH=00000000000000000000000000000000falsetrue 18141800x8000000000000000168914Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.588{D8DCB3A2-A282-60D0-3210-00000000D001}4768\chrome.3876.1.206105084C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000168913Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.588{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-journalMD5=E89F02436807848D277A4C41157146CF,SHA256=4F2A9EE33456F9BAAFB9D389663AC08843C9267C1105A474F5F16E36D38B2439,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168912Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.572{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-journalMD5=1C44255CD5640F1D0AC5FF1095ED5D3A,SHA256=14CD3BC82A71A5EB4EB4623EA746D1CBA152652E20EC84BC2F80E97035E8B097,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168911Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.572{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=E22B4234B14644BDB6CB9B7B4009C40B,SHA256=F803AB4E2BFB1DBD0AC64B966AD7E1E6A95044857D7C01BEC9E43F80F927EFFE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168910Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.572{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=E1D329C33D0AC1D2C6FAFAE4822CF15B,SHA256=F9E0617B5E636163B002B92ACBE9DF127DB3179C3ECDA4E6A05C646ED7D89B7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168909Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.556{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168908Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.541{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-journalMD5=D3514C970C8403131CA3D6D8173850BD,SHA256=9E475DA3D3D035AC633DE523E7E4ECDDD72BDDAAF7E8E5129A507D666FAA1827,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168907Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.541{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-journalMD5=798FA10B6C03E8A42B2D9AF5493F49BD,SHA256=5F5C6E6D0EF46A85AB09463B04E4C93F3C7DA07C826ECF8BA956A05E633BEF80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168906Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.525{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage.sqlite-journalMD5=2761D64F3DE5F69551A88DC1A0F918E9,SHA256=1B8BB5CEE40C42580ACD3A1D9E2811FE34194D0F0BD049CD1CFB40A3AB3CCDAE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168905Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.525{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage.sqlite-journalMD5=4ABECF239732C621CAFF0CBA23131751,SHA256=F53FBD75AE7FFB182CEEB9EBF22D87563F99BC47FEF0245A13C2091A4676E32F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168904Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.510{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage.sqlite-journalMD5=162C5DE6FC9F5EE6BD03A8481BC77EB7,SHA256=B53366718698BB17F83935B1EB4E252ACF408775886318B1A72EFC91DA8F53FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168903Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.510{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\times.jsonMD5=185B1276011382AE5CBFA407B4287324,SHA256=D3630AD452FD3A3E1CFAC4C6FFAE7FB0CE2011F6D2EC0611E8AA5A574881CEB3,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168902Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.510{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+1282d98|C:\Program Files\Mozilla Firefox\xul.dll+13053ef|C:\Program Files\Mozilla Firefox\xul.dll+186537b|C:\Program Files\Mozilla Firefox\xul.dll+1863986|C:\Program Files\Mozilla Firefox\xul.dll+1192d84|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000168901Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.510{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.2.3987324C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168900Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.510{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.2.3987324C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168899Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.510{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.1.206105084C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168898Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.338{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168897Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.338{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168896Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.338{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000168895Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.338{D8DCB3A2-A282-60D0-3210-00000000D001}4768\chrome.3876.0.119571099C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168894Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.338{D8DCB3A2-A280-60D0-3010-00000000D001}38763008C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000168893Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:26.338{D8DCB3A2-A282-60D0-3210-00000000D001}4768\gecko-crash-server-pipe.3876C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168892Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.322{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168891Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.322{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168890Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.306{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168889Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.306{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168888Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.306{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168887Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.306{D8DCB3A2-A280-60D0-3010-00000000D001}38764184C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168886Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.306{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168885Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.306{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000168884Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.306{D8DCB3A2-A280-60D0-3010-00000000D001}38764516C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+25e534|C:\Program Files\Mozilla Firefox\xul.dll+1215769|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000168883Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.316{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.0.1195710998\695041431" -parentBuildID 20210614221319 -prefsHandle 1792 -prefMapHandle 1612 -prefsLen 1 -prefMapSize 232815 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 1864 gpuC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000168882Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.306{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.0.119571099C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000168881Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:26.306{D8DCB3A2-A280-60D0-3010-00000000D001}3876\gecko-crash-server-pipe.3876C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000168880Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.291{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168879Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.291{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168878Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.291{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168877Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.291{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000168876Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:24.153{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50735-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000168875Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.275{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168874Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.119{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\cookies.sqlite-journalMD5=FF05880A6E481192E3D28A68679BC7BC,SHA256=44E55FC44D24D0A05E5BCD1FB68E5E38E1743EFEAE1D170F10EF2BA6A9F596B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168873Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.072{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\permissions.sqlite-journalMD5=A577C86B34B658F4303992B124DBFEFB,SHA256=5FCF229635F3248B648ED2EB07E6477907B83066595F9272E3CC3FC2AE6053C5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168872Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.072{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\permissions.sqlite-journalMD5=112CDA8A919322CA5BB0C65F7E0D4B23,SHA256=BCC30C490AA525DA5C2B6573DB75B759CEE225226D005DFC4003F3A7778A2367,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168871Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.056{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\cookies.sqlite-journalMD5=5BC5CEF52D041FB4838CA88E4F08EFEE,SHA256=A9414086BC76EF60913CC4E1283563B7B2F733563FFE20521CB76612D28D8BE4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168870Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.041{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\permissions.sqlite-journalMD5=587E0A6D08E5B16812F8D8011FF8AD92,SHA256=0EC0FE36A078D95C7D92ED631114CEFFD6DC375FAC82FC2F06215437D56B6943,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000168869Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.041{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\cookies.sqlite-journalMD5=3DE7A15A7461DAFE639C193B10FDE025,SHA256=CEAC376CEBBD5504DDC9BA9931B2F8E830F24DE0AE4707218B741A3CA136B550,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000168868Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.041{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A281-60D0-3110-00000000D001}3396C:\Windows\system32\wbem\wmiprvse.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168867Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.025{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A281-60D0-3110-00000000D001}3396C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168866Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:26.010{D8DCB3A2-4534-60D0-1600-00000000D001}13044984C:\Windows\system32\svchost.exe{D8DCB3A2-A281-60D0-3110-00000000D001}3396C:\Windows\system32\wbem\wmiprvse.exe0x101541C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+20fee|C:\Windows\system32\wbem\wmiprvsd.dll+43f7|C:\Windows\system32\wbem\wmiprvsd.dll+15538|C:\Windows\system32\wbem\wmiprvsd.dll+1498a|C:\Windows\system32\wbem\wmiprvsd.dll+146e6|C:\Windows\system32\wbem\wmiprvsd.dll+140fe|C:\Windows\system32\wbem\wbemcore.dll+b920|C:\Windows\system32\wbem\wbemcore.dll+255ff|C:\Windows\system32\wbem\wbemcore.dll+24a9a|C:\Windows\system32\wbem\wbemcore.dll+2485e|C:\Windows\system32\wbem\wbemcore.dll+2685b|C:\Windows\system32\wbem\wbemcore.dll+22b78|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000168865Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.994{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A281-60D0-3110-00000000D001}3396C:\Windows\system32\wbem\wmiprvse.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169314Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.972{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-walMD5=108D10E9C77EF2DAD7059E8E75B23215,SHA256=B57CCEDDC2A0FC2ECF5EC4946BF4E0C60C963DE81D2D9A959C7E52C81A42362F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169313Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.972{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmMD5=7C67A0FF211594F51BA79914CE50C36A,SHA256=55E60D35759A62B81EEA07B74EF5462D8A55CEE600C6F1184A58102DBB266DD1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169312Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.956{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-journalMD5=185B569E04F551FA06DE549A587935DC,SHA256=31E7B86AEF2FA61C0E1BD5287A183D2BD954482552B591E29E18B6345E31A6A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169311Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.953{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-journalMD5=457116A3B48FDD4492A4CBBA6E986A06,SHA256=994524C651638D20FE015ACA8A6EEDC422FC1A12351FECD72700E1AE6CEBBB41,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169310Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.934{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-walMD5=879CF757B49C268701DE8EB539924725,SHA256=6E1FD54077FBDCEB1AD5EAE343DF0A524A4B99A4765DBEE68F74C4744C24F86D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169309Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.934{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmMD5=F1788E445C957AD80E427CD190AD3289,SHA256=5A6CB13837B02340ADD40DD3261949AFA45D3AD758DAF2E9BA8DE73C843FD7DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169308Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.919{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\FKT9U7~1.DEF\cert9.db-journalMD5=6BA05C256FF1C53427DFC4D91F9CCDD2,SHA256=9472B79388BEECEF757DC6E6430A676661C023C04A70F8380E1F6370B0914165,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169307Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.919{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-journalMD5=4B5247636AB55AF819221726D2A9ECBD,SHA256=D0A84890BEDE1BC8897E536452E7ED76B775594086971A37206205269EE0B463,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169306Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.903{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-journalMD5=359452B4D29107906FCB466A5F38CF12,SHA256=1276C6914DD51CDE17612DB947D9F4380952EAEC22BB9A633EE76C433F59E77C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169305Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.903{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169304Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.903{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169303Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.872{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169302Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.856{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169301Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.856{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169300Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.856{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169299Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.834{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=B6AFD18F164377453769436D26490730,SHA256=E962085661B9E37B9CEC9C5916FA609AA714C51FF7C4712F16568A3AB3D24A5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169298Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.834{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=4787CFC792277B2C0DB290F30BE0F34A,SHA256=AC91C330F93BDC0D52B6DEB308A6AB9342495D52C0B17937336DFDD69E41729F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169297Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.819{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169296Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.819{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169295Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.819{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169294Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.772{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169293Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.772{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169292Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.772{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 23542300x8000000000000000169291Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.772{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=2C0D6DF2EDCF81E3B77FD99AB04069D9,SHA256=AB26CAEA16A1837FE561F3627C26B2AD2DCA231285298F867DD3473D4D79BAA9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169290Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.772{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=2A2E1B7384807A6B902052F2B87495E8,SHA256=B6FD1FC013B916731749A7812A693B7D0BA1CF04E052F358E8F081B1CBEA92BD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169289Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.756{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169288Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.756{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169287Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.756{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 23542300x8000000000000000169286Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.756{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=9F794F5E30C8CAA69235462E0C69A52F,SHA256=014CC3157EA1DACFD2C8184114F544D7AF51C452DCC2D5B7172611F5331CC37C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169285Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.754{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=2126E9B430728CFB52FDF8120A7F1E3E,SHA256=743EED1A2DE250D2F74FB33512CDAF44CC2E51C2274D264888A69C2576FDDA4D,IMPHASH=00000000000000000000000000000000falsetrue 18141800x8000000000000000169284Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.703{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.2836.4.112602582C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169283Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:27.703{D8DCB3A2-A282-60D0-3310-00000000D001}2836\chrome.2836.4.112602582C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169282Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.688{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169281Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.688{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169280Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.688{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 23542300x8000000000000000169279Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.688{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169278Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.672{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169277Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.672{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169276Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.672{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=A06CFEAA01CD92FE10A6DAB36CF452BF,SHA256=339F5932D6F2D67656EF3AAA5910AB079D877662C5632868FF0CF8EC0FCFFA5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169275Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.672{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=5A4267DE0DC607975AA69203A785F71A,SHA256=FDC7143A1B42109F578158A52270539514B61A4E5DACAFC2CFF5674B1C36772C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169274Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.672{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169273Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.656{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65 10341000x8000000000000000169272Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.656{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d 23542300x8000000000000000169271Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.619{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=734F55B097AF73F79D413D76E21ECBFF,SHA256=DADD7EBEC9FB53D1441C579488F799D29A4391F182707CF73DC9DBABFE9B1EB4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169270Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.619{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2e6ae4|C:\Program Files\Mozilla Firefox\xul.dll+46bedce|UNKNOWN(000000C0F2E64AE0) 10341000x8000000000000000169269Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.619{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2e6ae4|C:\Program Files\Mozilla Firefox\xul.dll+46bedce|UNKNOWN(000000C0F2E64AE0) 10341000x8000000000000000169268Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.619{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2e6ae4|C:\Program Files\Mozilla Firefox\xul.dll+46bedce|UNKNOWN(000000C0F2E64AE0) 23542300x8000000000000000169267Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.603{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\FKT9U7~1.DEF\cert9.db-journalMD5=6B463F5DEF50B33E26D958C50D534BD8,SHA256=0EF1ECA1566FB3E603E2FBC25893B388E30164E42E2D2151034F37CB88137558,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169266Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.603{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-walMD5=21FF0C5E6CF36E44E44DC1B9F66D025E,SHA256=89CEC6BA70F6A88E7F70B39D15CA31BBD099C5E06EC34E6D9D02F535C8DF7D19,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169265Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.603{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=637B9ABF16333818FE02DF028D4658DC,SHA256=8DDA1D8A2C4D688379D6EB969106304E6FFAF740D14E5695572F4FAA8DAD663A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169264Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.603{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169263Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.603{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 10341000x8000000000000000169262Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.603{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|UNKNOWN(000000C0F2E9523F) 23542300x8000000000000000169261Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.588{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-journalMD5=3C3DDA258D2E8DDF2A4E7DE7583A67A2,SHA256=7DD53C38BA463C17D121BFCFE8A839F7695E875936799A534C0E106041E14E5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169260Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.588{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-journalMD5=10094A0EB1A9CE5AB07739FFABCC43C0,SHA256=E115B9FE55C8AAA2A7858D245EDDB047706607202DD35C54BA7B80FEE8C053DF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169259Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.572{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 23542300x8000000000000000169258Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.572{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-walMD5=1632F3E5AC567324954ACDD329C25087,SHA256=13756008689077293D553DA6905A4E876A741D0AA82BA6CF3802FF9294FA2977,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169257Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.572{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmMD5=999B0DD5239D496300028691C18EA680,SHA256=219B0729E4522C3D0BD27C6734D2CDB797025350F17E55400C84166813842232,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169256Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.572{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 23542300x8000000000000000169255Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.572{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F29B7AD7A595BD5850AE9C2C6056FD6B,SHA256=425869BA0C7D42F84247B1F70C688C14463620C20BC26C2C05B6AEF7593087D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169254Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.556{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-journalMD5=A163169C2835C477FACA63D18B62EDD1,SHA256=F32FE291B2B9C29E4C869119E0820BEBBD2D6DE6623CC2BB095EFFE0652F3603,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169253Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.553{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-journalMD5=B80233DED4F8A1B10EB395BDAEA5A10F,SHA256=47AC77DEF6EC7AD45C93F1E4353D8C974037225CFADED0A814996D7A2ECFEA8B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169252Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169251Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169250Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169249Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169248Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169247Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169246Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d8e0d7|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df 10341000x8000000000000000169245Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169244Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 10341000x8000000000000000169243Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169242Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169241Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.535{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169240Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.503{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d1f3d|C:\Program Files\Mozilla Firefox\xul.dll+29d3764|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed|C:\Program Files\Mozilla Firefox\xul.dll+3b146d4|C:\Program Files\Mozilla Firefox\xul.dll+1055ba 18141800x8000000000000000169239Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.503{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.5604.4.211645070C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169238Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:27.503{D8DCB3A2-A282-60D0-3410-00000000D001}5604\chrome.5604.4.211645070C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169237Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.488{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169236Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.488{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169235Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.472{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169234Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.472{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169233Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.472{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\content-prefs.sqlite-journalMD5=6602149E6FAD56431075203DDB013E51,SHA256=47B0DE4CE7BDB831C7F2649E8D86FBEABB2B68637EA80ED1F3C60D3D79630891,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169232Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.472{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F7B93837B4E3C728C32FF76BD26DBF8,SHA256=2FFF99250875CA9DB87A528C6BFE6F2756F98B3BE42544C7CCC7A551DD2FFC10,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169231Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.472{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169230Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.472{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169229Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.456{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169228Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.456{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\default\moz-extension+++6252efcf-af51-4ea7-8374-6bbe359bab3c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-walMD5=9712AA36C990EA0107E395D9BD8A01B5,SHA256=FC06F01F51A8C50B5ADD55293AF6833665C6E3CDC88BFB7C2C4AF64F11FE02E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169227Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.456{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\default\moz-extension+++6252efcf-af51-4ea7-8374-6bbe359bab3c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-shmMD5=E772DCD880EF3B35EE7AD0BC2877258A,SHA256=802329F2FD84B7AF600EAE0AA1C2A817621A0C70B7267C484EF2C4230D0FA232,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169226Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.456{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169225Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.456{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169224Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.454{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169223Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.454{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169222Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.452{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169221Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.435{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169220Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.435{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=D441D700E0154951F252E00D044848AD,SHA256=DEF79DB29DF2C7FEE38485F287CAA055F6D975B2F81849092405B2221F8D7ACF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169219Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.435{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169218Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.435{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=9A1492C77E9A2F86E5A198C0EAB2804E,SHA256=8DB13D2BD0AB4864C1C366A73EF4251472296A01211B548C5D8627CFFDBBF268,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169217Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.404{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d79c0|C:\Program Files\Mozilla Firefox\xul.dll+29b168e|C:\Program Files\Mozilla Firefox\xul.dll+1a716e6|C:\Program Files\Mozilla Firefox\xul.dll+4d41c2|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+20a5a9|C:\Program Files\Mozilla Firefox\xul.dll+2df3052|C:\Program Files\Mozilla Firefox\xul.dll+84609b|C:\Program Files\Mozilla Firefox\xul.dll+1e5c61|C:\Program Files\Mozilla Firefox\xul.dll+37f3ca2|C:\Program Files\Mozilla Firefox\xul.dll+198566b|C:\Program Files\Mozilla Firefox\xul.dll+1987d4b|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 23542300x8000000000000000169216Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169215Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\extensions.jsonMD5=70346B8582B24BBC49D06F831341E859,SHA256=35357F1D0555882EA74E90A2BDEC37F8E9953E24DA999014EEF87D7EB55333F1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169214Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16dd504|C:\Program Files\Mozilla Firefox\xul.dll+16dd3f3|C:\Program Files\Mozilla Firefox\xul.dll+178fb6f|C:\Program Files\Mozilla Firefox\xul.dll+178f3bc|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+733f4c|C:\Program Files\Mozilla Firefox\xul.dll+22380ad|C:\Program Files\Mozilla Firefox\xul.dll+1de63f0|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+3cc9fa|C:\Program Files\Mozilla Firefox\xul.dll+6eef2e|C:\Program Files\Mozilla Firefox\xul.dll+7741cd 10341000x8000000000000000169213Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+17e7660|C:\Program Files\Mozilla Firefox\xul.dll+16998f0|C:\Program Files\Mozilla Firefox\xul.dll+16985f4|C:\Program Files\Mozilla Firefox\xul.dll+1698524|C:\Program Files\Mozilla Firefox\xul.dll+682381|C:\Program Files\Mozilla Firefox\xul.dll+68167b|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+16904e1|C:\Program Files\Mozilla Firefox\xul.dll+179098d|C:\Program Files\Mozilla Firefox\xul.dll+222a510|C:\Program Files\Mozilla Firefox\xul.dll+222a017|C:\Program Files\Mozilla Firefox\xul.dll+2237d7d|C:\Program Files\Mozilla Firefox\xul.dll+1de63f0|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000169212Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+16904e1|C:\Program Files\Mozilla Firefox\xul.dll+179098d|C:\Program Files\Mozilla Firefox\xul.dll+222a510|C:\Program Files\Mozilla Firefox\xul.dll+222a017|C:\Program Files\Mozilla Firefox\xul.dll+2237d7d|C:\Program Files\Mozilla Firefox\xul.dll+1de63f0|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+3cc9fa 10341000x8000000000000000169211Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+12b6022|C:\Program Files\Mozilla Firefox\xul.dll+29ee0e5|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169210Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169209Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169208Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169207Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169206Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169205Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169204Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169203Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169202Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169201Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169200Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169199Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.372{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169198Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.357{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169197Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.353{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169196Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.335{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169195Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.335{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169194Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.319{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000169193Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.916{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcpfalsefalse127.0.0.1-50737-false127.0.0.1-50736- 354300x8000000000000000169192Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:25.916{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse127.0.0.1-50737-false127.0.0.1-50736- 23542300x8000000000000000169191Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.288{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\favicons.sqlite-walMD5=040676C983A7154AD92111F9F3F1C412,SHA256=4693226A4BC70334926BFF47C79F21D29795CF4325AE83097843238DA71D7487,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169190Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.288{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\favicons.sqlite-shmMD5=0ECF7DBB2342D989C8A88473090E4D02,SHA256=6AB42A8FFC43BF41990FD405F5184FC60B387A87F981679E94900DC30484B947,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169189Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.288{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\favicons.sqlite-journalMD5=BB539596E7788EEED7BDEE1725BCC09D,SHA256=39EC1B8B3F18AA60C3A60FAB777A71F29CC2DE69F31A26A4CDE2E78AF21A8985,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169188Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.288{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=EA4A2C5F70B73069A662C93C9128A105,SHA256=DD0827226566BE8A1464683800BC23AC0C19533DE9347F3B3B53EB40FD37B140,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169187Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.272{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=E25360C90142934DEDF68A3F4328BAD0,SHA256=E4E1730C061AB5478431C47272126E0F626A5387E08486EBAAA73C87ED607A85,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169186Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.272{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\favicons.sqlite-journalMD5=F8AB23AC9011795281D4348A26F7F1F7,SHA256=9A31BBCA4971BAF76869B95E59E50773FB117D01C1F640DDEEDC85DD0AA54675,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169185Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.272{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169184Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.272{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169183Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.272{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=970D1300074A8712875948BDEDA1984A,SHA256=ED78CB3C299C87FD3A2B442C27642198586F0756CA307307FD763E4B75FF4ABE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169182Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.272{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=42CAE9D268EF01835D4C092C12BEFEBA,SHA256=4621A0F3A1BEEE9956BF07BF76E98C8CF8574D055F1D311E4F077570D85D28C9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169181Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.272{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA4931303538D00F00208C8C350C26FD,SHA256=5FA7EC9BAC78F1C58EA2B6E9BA4614DF018BCBCBC0D032CE035230DC4373E3AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169180Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.257{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\places.sqlite-journalMD5=2FBBBAD4840B48E85970F4A8FF715217,SHA256=44E4F3C84F59348570FF5F1D3CC40ADDB5B59D8909F5CBE23E593C7085832B31,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169179Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.257{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\default\moz-extension+++6252efcf-af51-4ea7-8374-6bbe359bab3c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-walMD5=C46F3406BD92B2100BB911ED2FB76CA7,SHA256=CE7A32D4BF13F560CC466B7752D421524C902B93065B4FF975DD4D7CFE9B6295,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169178Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.257{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\default\moz-extension+++6252efcf-af51-4ea7-8374-6bbe359bab3c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-shmMD5=535CE42E475C448D65D3ED87350003BC,SHA256=79BFFC839B5683DF7810F85D476BAAA2EDF654264B91FD8D8E2FCC36C0CAAC45,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169177Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.257{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169176Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.235{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\default\moz-extension+++6252efcf-af51-4ea7-8374-6bbe359bab3c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-journalMD5=6677043E1F5C6C1A8CFE31D1F1688A73,SHA256=3A96ABD3BDB261AD3662F97F058C9839922B5E13A823D0ADE45053E96713C29A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169175Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.235{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\default\moz-extension+++6252efcf-af51-4ea7-8374-6bbe359bab3c^userContextId=4294967295\idb\3647222921wleabcEoxlt-eengsairo.sqlite-journalMD5=7A62A899B3E4DF6D110696C87B2ADE09,SHA256=68FF1D6F49650A469C79CF0C08D17454E47B7359769B51B33A0B83CE0FD2B515,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169174Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169173Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\webappsstore.sqlite-journalMD5=D015698D97667FB206314709CE3FDC86,SHA256=2EA041A12B4F25101B47FBD6AEE34056A76A78E3379E2287ADCAA4207A6E7043,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169172Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f85e|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2c8387f|C:\Program Files\Mozilla Firefox\xul.dll+2c80a8c|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF803B205B8C8)|UNKNOWN(FFFF804DE06B4A68)|UNKNOWN(FFFF804DE06A8C58)|UNKNOWN(FFFF804DE06A88DD)|UNKNOWN(FFFFF803B1D72E03)|C:\Windows\System32\win32u.dll+1764|C:\Windows\System32\USER32.dll+11baf|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee 10341000x8000000000000000169171Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f837|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2c8387f|C:\Program Files\Mozilla Firefox\xul.dll+2c80a8c|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF803B205B8C8)|UNKNOWN(FFFF804DE06B4A68)|UNKNOWN(FFFF804DE06A8C58)|UNKNOWN(FFFF804DE06A88DD)|UNKNOWN(FFFFF803B1D72E03)|C:\Windows\System32\win32u.dll+1764|C:\Windows\System32\USER32.dll+11baf|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee 10341000x8000000000000000169170Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f80c|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2c8387f|C:\Program Files\Mozilla Firefox\xul.dll+2c80a8c|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+22a53|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF803B205B8C8)|UNKNOWN(FFFF804DE06B4A68)|UNKNOWN(FFFF804DE06A8C58)|UNKNOWN(FFFF804DE06A88DD)|UNKNOWN(FFFFF803B1D72E03)|C:\Windows\System32\win32u.dll+1764|C:\Windows\System32\USER32.dll+11baf|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee 10341000x8000000000000000169169Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169168Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169167Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169166Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f85e|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2df4450|C:\Program Files\Mozilla Firefox\xul.dll+37af281|C:\Program Files\Mozilla Firefox\xul.dll+37aedf2|C:\Program Files\Mozilla Firefox\xul.dll+151bb3c|C:\Program Files\Mozilla Firefox\xul.dll+151b5be|C:\Program Files\Mozilla Firefox\xul.dll+252dca|C:\Program Files\Mozilla Firefox\xul.dll+288621|C:\Program Files\Mozilla Firefox\xul.dll+e59810 10341000x8000000000000000169165Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f837|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2df4450|C:\Program Files\Mozilla Firefox\xul.dll+37af281|C:\Program Files\Mozilla Firefox\xul.dll+37aedf2|C:\Program Files\Mozilla Firefox\xul.dll+151bb3c|C:\Program Files\Mozilla Firefox\xul.dll+151b5be|C:\Program Files\Mozilla Firefox\xul.dll+252dca|C:\Program Files\Mozilla Firefox\xul.dll+288621|C:\Program Files\Mozilla Firefox\xul.dll+e59810 10341000x8000000000000000169164Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f80c|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2df4450|C:\Program Files\Mozilla Firefox\xul.dll+37af281|C:\Program Files\Mozilla Firefox\xul.dll+37aedf2|C:\Program Files\Mozilla Firefox\xul.dll+151bb3c|C:\Program Files\Mozilla Firefox\xul.dll+151b5be|C:\Program Files\Mozilla Firefox\xul.dll+252dca|C:\Program Files\Mozilla Firefox\xul.dll+288621|C:\Program Files\Mozilla Firefox\xul.dll+e59810 23542300x8000000000000000169163Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.219{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage.sqlite-journalMD5=22105E7CBCF34A40523F0E809571E28B,SHA256=0BA5F272F138642EAD00C0AC66DA170D44538AAD53DCD8F0730D3C92FD15461E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169162Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.204{D8DCB3A2-A280-60D0-3010-00000000D001}38761120C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+121816c|C:\Program Files\Mozilla Firefox\xul.dll+1321541|C:\Program Files\Mozilla Firefox\xul.dll+1f85e1|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+4117c|C:\Program Files\Mozilla Firefox\xul.dll+3f5ef|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169161Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.204{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+12e2659|C:\Program Files\Mozilla Firefox\xul.dll+29dfb84|C:\Program Files\Mozilla Firefox\xul.dll+12bdf42|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+da22ae|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000169160Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.204{D8DCB3A2-A280-60D0-3010-00000000D001}3876\cubeb-pipe-3876-2C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169159Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:27.204{D8DCB3A2-A280-60D0-3010-00000000D001}3876\cubeb-pipe-3876-2C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169158Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.188{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169157Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169156Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169155Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169154Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169153Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169152Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169151Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169150Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169149Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+17a392|UNKNOWN(000000C0F2E63DFF) 10341000x8000000000000000169148Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+17a392|UNKNOWN(000000C0F2E63DFF) 10341000x8000000000000000169147Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.173{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+17a392|UNKNOWN(000000C0F2E63DFF) 10341000x8000000000000000169146Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.157{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+f722a|C:\Program Files\Mozilla Firefox\xul.dll+3b429f8|C:\Program Files\Mozilla Firefox\xul.dll+147941|C:\Program Files\Mozilla Firefox\xul.dll+147898|C:\Program Files\Mozilla Firefox\xul.dll+146c2ee|C:\Program Files\Mozilla Firefox\xul.dll+13f72f|C:\Program Files\Mozilla Firefox\xul.dll+199f0a1|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+150682|C:\Program Files\Mozilla Firefox\xul.dll+3c3440c|C:\Program Files\Mozilla Firefox\xul.dll+3b256af|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+14a4c90 10341000x8000000000000000169145Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.157{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+f722a|C:\Program Files\Mozilla Firefox\xul.dll+3b429f8|C:\Program Files\Mozilla Firefox\xul.dll+147941|C:\Program Files\Mozilla Firefox\xul.dll+147898|C:\Program Files\Mozilla Firefox\xul.dll+146c2ee|C:\Program Files\Mozilla Firefox\xul.dll+13f72f|C:\Program Files\Mozilla Firefox\xul.dll+199f0a1|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+150682|C:\Program Files\Mozilla Firefox\xul.dll+3c3440c|C:\Program Files\Mozilla Firefox\xul.dll+3b256af|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+14a4c90 10341000x8000000000000000169144Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.157{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+f722a|C:\Program Files\Mozilla Firefox\xul.dll+3b429f8|C:\Program Files\Mozilla Firefox\xul.dll+147941|C:\Program Files\Mozilla Firefox\xul.dll+147898|C:\Program Files\Mozilla Firefox\xul.dll+146c2ee|C:\Program Files\Mozilla Firefox\xul.dll+13f72f|C:\Program Files\Mozilla Firefox\xul.dll+199f0a1|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+150682|C:\Program Files\Mozilla Firefox\xul.dll+3c3440c|C:\Program Files\Mozilla Firefox\xul.dll+3b256af|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+14a4c90 23542300x8000000000000000169143Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.135{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\FKT9U7~1.DEF\key4.db-journalMD5=A4B7A2CA7D4224DE87B55007A0B8C8C7,SHA256=3A6B3B68DEE6416E5E0558655FF4AA2871ABF9DD59B1D11623F9D4B6575828DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169142Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.135{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\FKT9U7~1.DEF\key4.db-journalMD5=A69C9348DCAE4A91A54AFC75819248AE,SHA256=B9958B84037DDFCF6E568CC2F35F41309CB3B21C48D3B0DB81020062478DF931,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169141Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.119{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\FKT9U7~1.DEF\cert9.db-journalMD5=B888C5E6D6522E7E6A3AE5FF5F79CED8,SHA256=DAB800F25A0C7458701146C64589F41049E3C713A373F77A5E6B08D79AE8A811,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000169140Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.088{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\FKT9U7~1.DEF\pkcs11.txt2021-06-21 14:30:27.088 23542300x8000000000000000169139Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.057{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CDC3864375AE0075A522A6F35C960103,SHA256=BD0F7575EE2E9BDC5BBD22909C033CB6B63B9B28E18E74BAB2959092A6A6DD6D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169138Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.048{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2bbef01|C:\Program Files\Mozilla Firefox\xul.dll+2bbee09|C:\Program Files\Mozilla Firefox\xul.dll+2c83ac5|C:\Program Files\Mozilla Firefox\xul.dll+2c80a8c|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084 10341000x8000000000000000169137Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.045{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 10341000x8000000000000000169136Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.043{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565796C:\Windows\Explorer.EXE{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169135Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.025{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.26.10555678C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169134Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.025{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.25.103014797C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169133Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.025{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.24.127915752C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169132Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.025{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.22.188573075C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169131Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.025{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.23.182595785C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169130Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.025{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.21.111821617C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169129Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.025{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169128Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.025{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564864C:\Windows\Explorer.EXE{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169127Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.025{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169126Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.025{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169125Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.025{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.4564.3.128053753C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169124Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:27.025{D8DCB3A2-A282-60D0-3510-00000000D001}4564\chrome.4564.3.128053753C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169123Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.025{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169122Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.010{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169121Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.010{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.4564.2.74883394C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169120Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:27.010{D8DCB3A2-A282-60D0-3510-00000000D001}4564\chrome.4564.2.74883394C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169119Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.010{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.4564.1.214720471C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169118Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:27.010{D8DCB3A2-A282-60D0-3510-00000000D001}4564\chrome.4564.1.214720471C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169117Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:27.010{D8DCB3A2-A282-60D0-3510-00000000D001}4564\chrome.4564.0.62768067C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169116Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:27.010{D8DCB3A2-A282-60D0-3510-00000000D001}4564\chrome.4564.0.62768067C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169115Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.010{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169114Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.010{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169479Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.971{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169478Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.933{D8DCB3A2-A280-60D0-3010-00000000D001}38765272C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169477Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.933{D8DCB3A2-A280-60D0-3010-00000000D001}38765272C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000169476Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.770{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50747-false143.204.98.36server-143-204-98-36.fra50.r.cloudfront.net443https 354300x8000000000000000169475Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.770{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50118- 354300x8000000000000000169474Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.770{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local63105- 354300x8000000000000000169473Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.770{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local54828- 354300x8000000000000000169472Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.769{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local54650- 354300x8000000000000000169471Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.768{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local51834- 354300x8000000000000000169470Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.741{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50745-false52.13.236.190ec2-52-13-236-190.us-west-2.compute.amazonaws.com443https 354300x8000000000000000169469Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.711{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50743-false44.239.56.69ec2-44-239-56-69.us-west-2.compute.amazonaws.com443https 354300x8000000000000000169468Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.649{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50746-false13.224.195.103server-13-224-195-103.fra2.r.cloudfront.net443https 354300x8000000000000000169467Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.603{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local62958- 354300x8000000000000000169466Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.603{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50744-false13.224.195.103server-13-224-195-103.fra2.r.cloudfront.net443https 354300x8000000000000000169465Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.603{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50219- 354300x8000000000000000169464Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.602{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local56013- 354300x8000000000000000169463Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.600{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local55731- 10341000x8000000000000000169462Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.818{D8DCB3A2-A280-60D0-3010-00000000D001}38765272C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169461Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.802{D8DCB3A2-A280-60D0-3010-00000000D001}38765272C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169460Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.786{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169459Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.771{D8DCB3A2-A280-60D0-3010-00000000D001}38765272C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169458Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.755{D8DCB3A2-A280-60D0-3010-00000000D001}38765272C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169457Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.671{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BCAF23CEB029219D16244B7DF2352264,SHA256=B421377104106055C9CFA9591D799328CC82B6B75E5374AD00989984036CEC2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169456Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.618{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\pending_pings\ddd85381-5bba-43b6-96fe-2cad9e7575a6MD5=1F386DF7026EF383D23C2A1BD5B4A307,SHA256=630B254EAE4A637D32E019994A6D1CB6428110417A33394CB3698D0A9214B75F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169455Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.602{D8DCB3A2-A280-60D0-3010-00000000D001}38765272C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169454Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.602{D8DCB3A2-A280-60D0-3010-00000000D001}38765272C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000169453Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.569{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local62079- 354300x8000000000000000169452Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.569{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local57127- 354300x8000000000000000169451Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.564{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50742-false93.184.220.29-80http 354300x8000000000000000169450Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.562{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local62115- 354300x8000000000000000169449Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.558{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50741-false104.18.165.34-443https 354300x8000000000000000169448Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.558{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50298- 354300x8000000000000000169447Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.557{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local59177- 354300x8000000000000000169446Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.555{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local60935- 354300x8000000000000000169445Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.553{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local64300- 354300x8000000000000000169444Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.336{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50739-false44.236.127.247ec2-44-236-127-247.us-west-2.compute.amazonaws.com443https 23542300x8000000000000000169443Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.455{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169442Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.402{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169441Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.402{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\FKT9U7~1.DEF\cert9.db-journalMD5=22B22C343F4A47D9A4EF5B6A9929C230,SHA256=9BC210BFD9216AACCEDD76E7839E59F58E1509FC90EB2E15FA89D8E06A08A0F1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169440Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.371{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E20173173ADBBC69F77258FC45307A13,SHA256=1A98ECFF299E07E5E6F9ABADFC84C6309A7C8588C69851CA6DCD3F46C4CFD8CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169439Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.355{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\search.json.mozlz4MD5=EDC2299EBA84E99AF7C7438ECB7A6CF4,SHA256=CF230F5192B5F53B410CB948B49A0BE09FAD7E80B9125E0D4F348C12C12BC9B2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000169438Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.198{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50740-false34.107.221.8282.221.107.34.bc.googleusercontent.com80http 354300x8000000000000000169437Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.197{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local56892- 354300x8000000000000000169436Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.196{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local59395- 354300x8000000000000000169435Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.194{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50445- 354300x8000000000000000169434Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.194{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local64055- 354300x8000000000000000169433Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.190{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50738-false34.107.221.8282.221.107.34.bc.googleusercontent.com80http 354300x8000000000000000169432Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.189{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50486- 354300x8000000000000000169431Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.189{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local62845- 354300x8000000000000000169430Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.184{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local64454- 18141800x8000000000000000169429Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.287{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.32.40311901C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169428Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.287{D8DCB3A2-A280-60D0-3010-00000000D001}38761120C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+121816c|C:\Program Files\Mozilla Firefox\xul.dll+1321541|C:\Program Files\Mozilla Firefox\xul.dll+1f85e1|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+4117c|C:\Program Files\Mozilla Firefox\xul.dll+3f5ef|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169427Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.287{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=12287DCACDE0AA570ABE8EA755A9F012,SHA256=39E21B42AA19044582F5D42F0363CC92BED555D44D01A8C61D229FA2D37D8882,IMPHASH=00000000000000000000000000000000falsetrue 18141800x8000000000000000169426Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.287{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.33.49470356C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169425Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.287{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.31.93323913C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169424Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.271{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.29.149125230C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169423Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.271{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.30.89286921C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169422Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.271{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.28.155369991C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169421Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.271{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169420Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.271{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169419Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.256{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.2060.2.169528068C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169418Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.256{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.2060.1.20204740C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169417Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.256{D8DCB3A2-A284-60D0-3610-00000000D001}2060\chrome.2060.2.169528068C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169416Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.256{D8DCB3A2-A284-60D0-3610-00000000D001}2060\chrome.2060.1.20204740C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000169415Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.256{D8DCB3A2-A284-60D0-3610-00000000D001}2060\chrome.2060.0.54304250C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169414Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.256{D8DCB3A2-A284-60D0-3610-00000000D001}2060\chrome.2060.0.54304250C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169413Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.256{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169412Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.256{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169411Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.252{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC62F8ABA3302683E55657AD6EE1410E,SHA256=27F60FC58D88366C8098DACA169763F447D3C58CBFC83CCD6CB046B1407C96CD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169410Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.218{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+12e2659|C:\Program Files\Mozilla Firefox\xul.dll+29dfb84|C:\Program Files\Mozilla Firefox\xul.dll+12bdf42|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+da22ae|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000169409Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.218{D8DCB3A2-A280-60D0-3010-00000000D001}3876\cubeb-pipe-3876-3C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169408Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.218{D8DCB3A2-A280-60D0-3010-00000000D001}3876\cubeb-pipe-3876-3C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169407Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.959{D8DCB3A2-A280-60D0-3010-00000000D001}3876prod-classifyclient.normandy.prod.cloudops.mozgcp.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169406Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.958{D8DCB3A2-A280-60D0-3010-00000000D001}3876prod-classifyclient.normandy.prod.cloudops.mozgcp.net034.98.75.36;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169405Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.785{D8DCB3A2-A280-60D0-3010-00000000D001}3876d2nxq2uap88usk.cloudfront.net02600:9000:21f3:1a00:a:da5e:7900:93a1;2600:9000:21f3:600:a:da5e:7900:93a1;2600:9000:21f3:ae00:a:da5e:7900:93a1;2600:9000:21f3:f600:a:da5e:7900:93a1;2600:9000:21f3:2e00:a:da5e:7900:93a1;2600:9000:21f3:4c00:a:da5e:7900:93a1;2600:9000:21f3:c00:a:da5e:7900:93a1;2600:9000:21f3:7e00:a:da5e:7900:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169404Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.783{D8DCB3A2-A280-60D0-3010-00000000D001}3876firefox.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169403Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.782{D8DCB3A2-A280-60D0-3010-00000000D001}3876firefox.com044.235.246.155;44.236.72.93;44.236.48.31;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169402Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.781{D8DCB3A2-A280-60D0-3010-00000000D001}3876d2nxq2uap88usk.cloudfront.net0143.204.98.30;143.204.98.118;143.204.98.120;143.204.98.36;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169401Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.781{D8DCB3A2-A280-60D0-3010-00000000D001}3876firefox.com0::ffff:44.236.48.31;::ffff:44.235.246.155;::ffff:44.236.72.93;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169400Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.617{D8DCB3A2-A280-60D0-3010-00000000D001}3876pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169399Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.614{D8DCB3A2-A280-60D0-3010-00000000D001}3876pipeline-incoming-prod-elb-149169523.us-west-2.elb.amazonaws.com034.216.113.46;34.216.18.93;44.239.250.14;52.33.45.66;44.235.28.153;34.215.151.143;54.149.208.57;52.13.236.190;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169398Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.582{D8DCB3A2-A280-60D0-3010-00000000D001}3876accounts.firefox.com9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169397Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.580{D8DCB3A2-A280-60D0-3010-00000000D001}3876accounts.firefox.com054.187.81.18;34.211.81.19;44.239.56.69;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169396Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.579{D8DCB3A2-A280-60D0-3010-00000000D001}3876accounts.firefox.com0::ffff:44.239.56.69;::ffff:54.187.81.18;::ffff:34.211.81.19;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169395Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.576{D8DCB3A2-A280-60D0-3010-00000000D001}3876cs9.wac.phicdn.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169394Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.574{D8DCB3A2-A280-60D0-3010-00000000D001}3876cs9.wac.phicdn.net093.184.220.29;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169393Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.573{D8DCB3A2-A280-60D0-3010-00000000D001}3876www.mozilla.org.cdn.cloudflare.net02606:4700::6812:a522;2606:4700::6812:a422;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169392Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.569{D8DCB3A2-A280-60D0-3010-00000000D001}3876www.mozilla.org.cdn.cloudflare.net0104.18.164.34;104.18.165.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169391Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.209{D8DCB3A2-A280-60D0-3010-00000000D001}3876example.org0::ffff:93.184.216.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169390Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.209{D8DCB3A2-A280-60D0-3010-00000000D001}3876example.org093.184.216.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169389Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.202{D8DCB3A2-A280-60D0-3010-00000000D001}3876prod.detectportal.prod.cloudops.mozgcp.net02600:1901:0:38d7::;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169388Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.200{D8DCB3A2-A280-60D0-3010-00000000D001}3876prod.detectportal.prod.cloudops.mozgcp.net034.107.221.82;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169387Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.198{D8DCB3A2-A280-60D0-3010-00000000D001}3876detectportal.firefox.com0type: 5 detectportal.prod.mozaws.net;type: 5 prod.detectportal.prod.cloudops.mozgcp.net;::ffff:34.107.221.82;C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169386Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.203{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169385Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.203{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169384Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.203{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.27.13442277C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169383Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.203{D8DCB3A2-A280-60D0-3010-00000000D001}38763008C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000169382Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:28.203{D8DCB3A2-A280-60D0-3010-00000000D001}3876\gecko-crash-server-pipe.3876C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000169381Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.171{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169380Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.171{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Roaming\Mozilla\Firefox\Profiles\FKT9U7~1.DEF\cert9.db-journalMD5=A77576EDDD2F31C885DA4C5F54985DD8,SHA256=07D37E677D28A3F7DB235A2E6829BCA311744E5A95BA003F6299BD5377135466,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169379Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.171{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000169378Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.33.49470356C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000169377Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.32.40311901C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169376Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305da1|C:\Program Files\Mozilla Firefox\xul.dll+1866c31|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000169375Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.31.93323913C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169374Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ca1|C:\Program Files\Mozilla Firefox\xul.dll+1866a4e|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000169373Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.30.89286921C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169372Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ba1|C:\Program Files\Mozilla Firefox\xul.dll+1866894|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000169371Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.29.149125230C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169370Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305aa1|C:\Program Files\Mozilla Firefox\xul.dll+18666d5|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000169369Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.28.155369991C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169368Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d4540|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169367Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169366Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169365Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169364Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169363Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169362Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169361Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169360Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169359Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169358Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169357Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169356Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169355Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000169354Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+29d41de|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000169353Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+29d4155|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169352Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.156{D8DCB3A2-A280-60D0-3010-00000000D001}38764184C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169351Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.152{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169350Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.151{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169349Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.151{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169348Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.151{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169347Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.151{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169346Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.151{D8DCB3A2-A280-60D0-3010-00000000D001}38764516C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+4325b|C:\Program Files\Mozilla Firefox\firefox.exe+24808|C:\Program Files\Mozilla Firefox\xul.dll+cff80a|C:\Program Files\Mozilla Firefox\xul.dll+12158e4|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169345Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.151{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="3876.27.134422773\1824544100" -childID 4 -isForBrowser -prefsHandle 4444 -prefMapHandle 4432 -prefsLen 10575 -prefMapSize 232815 -parentBuildID 20210614221319 -appdir "C:\Program Files\Mozilla Firefox\browser" - 3876 "\\.\pipe\gecko-crash-server-pipe.3876" 4448 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2LowMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 23542300x8000000000000000169344Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.134{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\extensions.jsonMD5=5BF43CCE329DD1C8A4A3FB31410B2D83,SHA256=6978797EA909A7150F1D8E8CF65AF8ABA7AA23DB8AD49AD08BFCEB60DECA3AF7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169343Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.134{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3510-00000000D001}4564C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169342Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.134{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169341Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.134{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000169340Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:28.134{D8DCB3A2-A280-60D0-3010-00000000D001}3876\chrome.3876.27.13442277C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000169339Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.134{D8DCB3A2-A280-60D0-3010-00000000D001}3876368C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169338Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.103{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=4D801C6594D034F99784FE7A1CCA23AB,SHA256=AD9C001B76B72BAAA859F2C4E267E803F3209C6CE64FE2F1639CB336BEDB7945,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169337Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.103{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=E14DE9A421584E6D60FC9FEF4F571A15,SHA256=EDF81A8D2BC9A44324036A16C1C8AC80A1AF6881C9DF816B77D1C47CDD30D6C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169336Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.103{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169335Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.103{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=06EC67E65B9771D35BE092AF4181CB61,SHA256=34AE0D505471838A20D772EAE6A071D97B5D76337383ED5B982E302E3E50AC55,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169334Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.103{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=50AB2305996402289FAB95496259DADA,SHA256=F44E73D7C799E216E5B6A736EF77F2CB3BED470E5CA67F1242DB40F84D19E531,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169333Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.087{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=50AB2305996402289FAB95496259DADA,SHA256=F44E73D7C799E216E5B6A736EF77F2CB3BED470E5CA67F1242DB40F84D19E531,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169332Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.087{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=468F5EF57F0A3457C14F3B7B82CB4B0A,SHA256=DEB1457B6E326570F373021DDA19DF798C9255D052281BA4BA1E9F2DEA423A93,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169331Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.087{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=F2164A616C33F76C4B2E26FD4C2BAB98,SHA256=BDCD29890DBE8857E8DBAB1E39E16D7C9A577CEEEA12CEF6705543E1603BF220,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169330Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=503E05123CEDDE6E52A4174784E01011,SHA256=C4EBAC7FA48FF9E068F0923E7EB685788F454AED71FBB7E8A6C5094E3CA462D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169329Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=2D65A821D8071520427FAC2AE63A548F,SHA256=C8C094A531900A78043E84863A5F5E1C75F3DD93B2E03D83109600B3449A7C99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169328Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=BEF44CECCE7393AFC298F550D84E5CD2,SHA256=D7F4D53C0CADCB36E30197751C5A67D944BA0B8F2BEB8D8FEB68958A62131F51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169327Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\ProgramData\Mozilla\updates\308046B0AF4A39CB\update-config.jsonMD5=FE74F5C38F433736EE7015868CFB159E,SHA256=3F7B3252EF3B6217AD78ADB7007738601CE1EEBCA69F55990B64BF254BD4FC63,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169326Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=4F7287DE2A1A90B5E2D49B87C79F864F,SHA256=D6E5F93FE48974FD61ABC3D3A8CC265FCD108FA31DBC8143C703D8AAE8C35E5C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169325Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=D511828E4ABAB966E6E0780CD088EF8B,SHA256=E741EA9F3CC01EF523816A2DDCF8597D6F092738D09B82482B13D6DE12F42B47,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169324Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=309735B3610ED7E5BE83D2A3DC03F99F,SHA256=C41293CA17F928319C0A829A081E1F07E7A2A9CC81CE076F7147D338BDA0E2A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169323Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=53D2D2770F3AC3A9EC8A08E37AFCDDD3,SHA256=A59F4589F991CEE8DE09C1000384BD3E39D78CD5EC5A0E51614F74555D1E1545,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169322Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=4F208A9A498B576E819C4AC967DCC9D5,SHA256=B4A78BAC4E5BDE5CB51BC2C8F9D3F0CAA84FCF4B9C7C1C9B087D8552B388CAE9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169321Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=7E2A1BEBF3B83D01978C16ECC0450781,SHA256=F018A039A5582074C429448ECBB5CC09593D7EB1B6776623E767B98D0CE2D65E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169320Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=66C6CF19B0E6C0EC6C51BC2833BC4DE6,SHA256=2AD920E22BD268C8045FFE3B478984A1BBD3049728BEB9426700B81B81665F88,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169319Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.071{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=FBD07E487622F16113FE039ED60A7BCC,SHA256=836981C463FD3E96BA9A106A328078CA702A8C55B79617B2DD73E55C0B6949CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169318Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.056{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=14301291C03ED6E855D566BF52029DAA,SHA256=29D80F81AB3E533CC331AD652C10F5FBA0F189CB7A6D62F5DF1566D5A87D3FD6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169317Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.056{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=E9A4D52D1B7138F231B1A11A8BB73F1B,SHA256=B7175CF90D9154978828B4C6E69A77140B91F8C9B4607F2F3E6E6101F83F12E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169316Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.056{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=6552D09B62C6DCB33D7F935F4A5AD213,SHA256=AFE060610D134BDA2A71C746AC3BD99E11426BAA1DCDE607522BA6836122EC72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169315Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.056{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=5023A8C15E4F42328E9E43B24F2D7645,SHA256=6BD33005A6172BF70B0FF146F49D4263F51AE8987FAA33766E1A95717FA8ADA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169545Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.970{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8448094CA28D6D08AEE52F9B476F1A6,SHA256=BCC1EA5CE434D6EFD5BD0745F2967BC6576C420EE2FE28A6606DBDA495124259,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000169544Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.687{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50774-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169543Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.669{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50773-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169542Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.656{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50772-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169541Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.636{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50771-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169540Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.623{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50770-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 23542300x8000000000000000169539Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.832{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000169538Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.603{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50769-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169537Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.592{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50768-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169536Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.571{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50767-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169535Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.553{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50766-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169534Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.517{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50765-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169533Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.494{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50764-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169532Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.480{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50763-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169531Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.456{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50762-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169530Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.442{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50761-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169529Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.404{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50760-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169528Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.385{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50759-false13.32.25.77server-13-32-25-77.fra56.r.cloudfront.net443https 23542300x8000000000000000169527Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.386{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\search.json.mozlz4MD5=EDC2299EBA84E99AF7C7438ECB7A6CF4,SHA256=CF230F5192B5F53B410CB948B49A0BE09FAD7E80B9125E0D4F348C12C12BC9B2,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000169526Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.343{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local55723- 354300x8000000000000000169525Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.327{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50758-false143.204.93.114server-143-204-93-114.fra50.r.cloudfront.net443https 354300x8000000000000000169524Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.327{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local59073- 354300x8000000000000000169523Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.281{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50757-false143.204.98.4server-143-204-98-4.fra50.r.cloudfront.net443https 354300x8000000000000000169522Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.281{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local55698- 354300x8000000000000000169521Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.280{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local57536- 354300x8000000000000000169520Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.264{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50337- 354300x8000000000000000169519Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.246{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50754-false52.13.236.190ec2-52-13-236-190.us-west-2.compute.amazonaws.com443https 354300x8000000000000000169518Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.238{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50756-false143.204.98.36server-143-204-98-36.fra50.r.cloudfront.net443https 354300x8000000000000000169517Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.172{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50755-false93.184.220.29-80http 354300x8000000000000000169516Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.105{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-61787- 354300x8000000000000000169515Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.105{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-64734- 354300x8000000000000000169514Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.097{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50752-false44.238.3.246ec2-44-238-3-246.us-west-2.compute.amazonaws.com443https 354300x8000000000000000169513Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.096{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50753-false95.101.81.51a95-101-81-51.deploy.static.akamaitechnologies.com80http 354300x8000000000000000169512Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.095{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local56000- 354300x8000000000000000169511Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.092{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local54685- 354300x8000000000000000169510Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.081{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local64883- 354300x8000000000000000169509Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.081{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50505- 354300x8000000000000000169508Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.081{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local63640- 354300x8000000000000000169507Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.081{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local64734- 354300x8000000000000000169506Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.080{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local64817- 354300x8000000000000000169505Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.080{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local61787- 354300x8000000000000000169504Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.079{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local57369- 354300x8000000000000000169503Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.079{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local63441- 354300x8000000000000000169502Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.017{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50749-false54.201.97.206ec2-54-201-97-206.us-west-2.compute.amazonaws.com443https 354300x8000000000000000169501Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.958{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local57821- 354300x8000000000000000169500Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.956{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local58943- 354300x8000000000000000169499Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.947{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50751-false34.98.75.3636.75.98.34.bc.googleusercontent.com443https 23542300x8000000000000000169498Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.255{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=BD716658A4C6A2096EE878F35381FC9A,SHA256=8DC61825690460E51D1E629197F054183E3D269A38EB1A099749E0B52CE44275,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000169497Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.369{D8DCB3A2-A280-60D0-3010-00000000D001}3876d1zkz3k4cclnv6.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169496Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.355{D8DCB3A2-A280-60D0-3010-00000000D001}3876d1zkz3k4cclnv6.cloudfront.net013.32.25.82;13.32.25.8;13.32.25.111;13.32.25.77;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169495Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.341{D8DCB3A2-A280-60D0-3010-00000000D001}3876dzlgdtxcws9pb.cloudfront.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169494Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.339{D8DCB3A2-A280-60D0-3010-00000000D001}3876dzlgdtxcws9pb.cloudfront.net0143.204.93.114;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169493Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.338{D8DCB3A2-A280-60D0-3010-00000000D001}3876www.firefox.com0type: 5 fxc-prod.moz.works;type: 5 dzlgdtxcws9pb.cloudfront.net;::ffff:143.204.93.114;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169492Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.113{D8DCB3A2-A280-60D0-3010-00000000D001}3876a1887.dscq.akamai.net02a02:26f0:1700:f::1737:a1a4;2a02:26f0:1700:f::1737:a194;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169491Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.107{D8DCB3A2-A280-60D0-3010-00000000D001}3876a1887.dscq.akamai.net095.101.81.35;95.101.81.51;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000169490Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.106{D8DCB3A2-A280-60D0-3010-00000000D001}3876r3.o.lencr.org0type: 5 o.lencr.edgesuite.net;type: 5 a1887.dscq.akamai.net;::ffff:95.101.81.51;::ffff:95.101.81.35;C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000169489Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.947{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local62475- 354300x8000000000000000169488Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.946{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local65365- 354300x8000000000000000169487Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.933{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50750-false143.204.205.86server-143-204-205-86.fra53.r.cloudfront.net443https 354300x8000000000000000169486Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.932{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local63950- 354300x8000000000000000169485Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.920{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50748-false44.236.48.31ec2-44-236-48-31.us-west-2.compute.amazonaws.com443https 354300x8000000000000000169484Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.878{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local58401- 354300x8000000000000000169483Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:27.875{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local54708- 10341000x8000000000000000169482Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.086{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 10341000x8000000000000000169481Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.086{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 10341000x8000000000000000169480Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.053{D8DCB3A2-A280-60D0-3010-00000000D001}38765272C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3210-00000000D001}4768C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169641Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.947{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=423C461183E48B11F424BBA9FADF19C9,SHA256=2169394CE9189B7FDA2134B4A5CBFEDE66D2D57E5A46200DD733F29A1B081209,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169640Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.786{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=FE86E56DFF9C8FAF89E9AD747328AC11,SHA256=5C568F9A42D021CEC9143132300BF2B494BC779226F99F81B02299D7F9F8FA31,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169639Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.669{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169638Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.669{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A286-60D0-3B10-00000000D001}4460C:\Program Files\Mozilla Firefox\pingsender.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169637Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.669{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A286-60D0-3B10-00000000D001}4460C:\Program Files\Mozilla Firefox\pingsender.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169636Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.654{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169635Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.634{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A286-60D0-3C10-00000000D001}4116C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169634Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.634{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A286-60D0-3C10-00000000D001}4116C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169633Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.634{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A286-60D0-3910-00000000D001}2712C:\Program Files\Mozilla Firefox\pingsender.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169632Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.634{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A286-60D0-3910-00000000D001}2712C:\Program Files\Mozilla Firefox\pingsender.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169631Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.634{D8DCB3A2-A286-60D0-3C10-00000000D001}41164852C:\Windows\system32\conhost.exe{D8DCB3A2-A286-60D0-3B10-00000000D001}4460C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169630Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A286-60D0-3C10-00000000D001}4116C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x8000000000000000169629Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\aborted-session-pingMD5=5E72C68A8925637FFFE5C5EA9AC5C646,SHA256=8211E8C760490330128430035A92E26CBC2FA069CA5E40947F3D5B38B335BBA0,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169628Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169627Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169626Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169625Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169624Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169623Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A286-60D0-3B10-00000000D001}4460C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169622Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A286-60D0-3B10-00000000D001}4460C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+dacfbf|C:\Program Files\Mozilla Firefox\xul.dll+dacdd5|C:\Program Files\Mozilla Firefox\xul.dll+dace21|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+3be061b|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3cc9fa|C:\Program Files\Mozilla Firefox\xul.dll+1b88c0e|C:\Program Files\Mozilla Firefox\xul.dll+d2773b|C:\Program Files\Mozilla Firefox\xul.dll+3ca586|C:\Program Files\Mozilla Firefox\xul.dll+4046a|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3 154100x8000000000000000169621Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.626{D8DCB3A2-A286-60D0-3B10-00000000D001}4460C:\Program Files\Mozilla Firefox\pingsender.exe89.0.1-FirefoxMozilla Foundationpingsender.exe"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/7bd79f12-644d-433b-8bff-c2f2ad0fb4fc/first-shutdown/Firefox/89.0.1/release/20210614221319?v=4 C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\saved-telemetry-pings\7bd79f12-644d-433b-8bff-c2f2ad0fb4fcC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=33D6759C45A7DB0673D0D5E5F75012AC,SHA256=0815D2E94B8F61F13B73CA541F837267DF29DE4D5BC3E882A751155D4057F1E9,IMPHASH=AF27FA7223A9B6FE80447A0E6715E632{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000169620Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A286-60D0-3A10-00000000D001}4896C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169619Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.618{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A286-60D0-3A10-00000000D001}4896C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169618Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.602{D8DCB3A2-A286-60D0-3A10-00000000D001}48965536C:\Windows\system32\conhost.exe{D8DCB3A2-A286-60D0-3910-00000000D001}2712C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169617Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.602{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A286-60D0-3A10-00000000D001}4896C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x8000000000000000169616Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.602{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=04CD79BF402035104DE05DD93F3EFC0D,SHA256=A3A41917FBA17DA3EE56433E9E4AAFCD380697B597C02524AF4C8F1CA86FC198,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169615Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.587{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169614Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.587{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169613Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.587{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169612Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.587{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A286-60D0-3910-00000000D001}2712C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169611Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.587{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169610Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.587{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A286-60D0-3910-00000000D001}2712C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+dacfbf|C:\Program Files\Mozilla Firefox\xul.dll+dacdd5|C:\Program Files\Mozilla Firefox\xul.dll+dace21|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+3be061b|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3cc9fa|C:\Program Files\Mozilla Firefox\xul.dll+1b88c0e|C:\Program Files\Mozilla Firefox\xul.dll+d2773b|C:\Program Files\Mozilla Firefox\xul.dll+3ca586|C:\Program Files\Mozilla Firefox\xul.dll+4046a|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3 154100x8000000000000000169609Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.599{D8DCB3A2-A286-60D0-3910-00000000D001}2712C:\Program Files\Mozilla Firefox\pingsender.exe89.0.1-FirefoxMozilla Foundationpingsender.exe"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/a5e30cc9-60f4-4342-9ad5-4ae59e602743/event/Firefox/89.0.1/release/20210614221319?v=4 C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\saved-telemetry-pings\a5e30cc9-60f4-4342-9ad5-4ae59e602743C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=33D6759C45A7DB0673D0D5E5F75012AC,SHA256=0815D2E94B8F61F13B73CA541F837267DF29DE4D5BC3E882A751155D4057F1E9,IMPHASH=AF27FA7223A9B6FE80447A0E6715E632{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000169608Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.587{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A286-60D0-3710-00000000D001}4020C:\Program Files\Mozilla Firefox\pingsender.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169607Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.587{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A286-60D0-3710-00000000D001}4020C:\Program Files\Mozilla Firefox\pingsender.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169606Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.572{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A286-60D0-3810-00000000D001}2924C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169605Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.555{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A286-60D0-3810-00000000D001}2924C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169604Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.555{D8DCB3A2-A286-60D0-3810-00000000D001}29242596C:\Windows\system32\conhost.exe{D8DCB3A2-A286-60D0-3710-00000000D001}4020C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169603Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.555{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A286-60D0-3810-00000000D001}2924C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x8000000000000000169602Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.555{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\session-state.jsonMD5=9817034E7557012220CFB5729B83C10B,SHA256=8E9A6D2A630A89F5579C1B51678CC14E25B237136FE80EFD3845A26B36C59692,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169601Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.532{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169600Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.532{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169599Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.532{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A286-60D0-3710-00000000D001}4020C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169598Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.532{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169597Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.532{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169596Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.532{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A286-60D0-3710-00000000D001}4020C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+dacfbf|C:\Program Files\Mozilla Firefox\xul.dll+dacdd5|C:\Program Files\Mozilla Firefox\xul.dll+dace21|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+3be061b|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3cc9fa|C:\Program Files\Mozilla Firefox\xul.dll+1b88c0e|C:\Program Files\Mozilla Firefox\xul.dll+d2773b|C:\Program Files\Mozilla Firefox\xul.dll+3ca586|C:\Program Files\Mozilla Firefox\xul.dll+4046a|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3 154100x8000000000000000169595Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.545{D8DCB3A2-A286-60D0-3710-00000000D001}4020C:\Program Files\Mozilla Firefox\pingsender.exe89.0.1-FirefoxMozilla Foundationpingsender.exe"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/15b93bab-cb60-4657-b0e0-e129a01f12db/new-profile/Firefox/89.0.1/release/20210614221319?v=4 C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\saved-telemetry-pings\15b93bab-cb60-4657-b0e0-e129a01f12dbC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=33D6759C45A7DB0673D0D5E5F75012AC,SHA256=0815D2E94B8F61F13B73CA541F837267DF29DE4D5BC3E882A751155D4057F1E9,IMPHASH=AF27FA7223A9B6FE80447A0E6715E632{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 23542300x8000000000000000169594Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.485{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage.sqlite-journalMD5=12B59BD84BFBC315FD271BD2F958732C,SHA256=72A19CC1E414F39C95A125B5C7F18EDB751C472632DE3B92D7ACEF057750FAD4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169593Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.470{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-walMD5=6D05279C979F9BDD02EC1C80067EFD62,SHA256=AF873CB9C1AF9EEAAFCC33A21743DAFE276FF11E97AAC7210B34ABC3488866FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169592Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.470{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=CA19BDBAC1DB10B7FA83E9B60AE9DB3F,SHA256=02CAC473B76607F195ED1FD967A8B9AC315159E2A989BE124BDD4662FA6C4D4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169591Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.470{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-walMD5=5F0A0E5E8C08C86815B4CB248408B05A,SHA256=1149E65AF4F2C71C98DF3DE11E4B4D9DD19FA528825817E72C8AC10E6632BA4D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169590Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.470{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmMD5=D4E134D142A56B832740AA8B7E29C30B,SHA256=9509ABAED9B548EE3898555C132BD84562B8FB54C55E40C2A3A51D5C79549849,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169589Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.470{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-walMD5=17E505145A96B1F7B088252871999740,SHA256=F8F360775B9661C25FB63744F32A38E7797541AC903D82F6A757E5E38A470143,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169588Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.470{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmMD5=5D076F7AA7536C1875335677E9241122,SHA256=21C20783380B1DF34F103BF86F3C82A91FF25FF9D8FFC762D4AAE1FFE60CD3DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169587Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.470{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-walMD5=1E65DE2B146A0A0E3CB6CA1BA3AD9777,SHA256=DE33D02C0DDDF3E9D3330CCE65D11BA1AC788EABB580A23724DF78C544DFEA51,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169586Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.470{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmMD5=40DCD758F82AF625A38A13BA37D220A7,SHA256=F66C996FFF4F5671393F7129171E8C73E6AF5019CAA7BA5B6593CD8FF841F74E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169585Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.470{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\webappsstore.sqlite-walMD5=0AA1C70A2CB5726E8D05433A93575C11,SHA256=F28706F83DEBF46C8E378A87168FBD568EE8F010AB7678D2C366EDC51A943B45,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169584Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.454{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\webappsstore.sqlite-shmMD5=FD28ABDF1F7F073FEFA1AAECDAB8F6EF,SHA256=B417D255896FBCADB277289AE196B5490D77FB62949F3E8D96EADD1BA745BD46,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169583Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.454{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\favicons.sqlite-walMD5=1DF855DBF4029C74AB543AB1C8E652C2,SHA256=30145DA67540DC6EAA5383DEBD39E20AECE7498A2A609FA7605413A1EB2A3E08,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169582Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.450{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\favicons.sqlite-shmMD5=7F84D515A7F7F96D5E05C9F379C688DE,SHA256=97DA3E36AB23CF2388DC44696EDCB54852621F9B2B46AB81F213DD2D66885EA3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169581Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.432{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\places.sqlite-walMD5=6112C3D5C639D704B94A05958F8F2D6D,SHA256=A264587CF95040A903F369D44816B45D49A302ABDB719C9257517A0F2D74B2BD,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000169580Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.109{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local65455- 354300x8000000000000000169579Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.108{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local60590- 354300x8000000000000000169578Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.108{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local62677- 354300x8000000000000000169577Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.105{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local55830- 354300x8000000000000000169576Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.105{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local62896- 354300x8000000000000000169575Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.105{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local53domaintrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local58586- 354300x8000000000000000169574Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.719{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50776-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 354300x8000000000000000169573Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:28.700{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50775-false13.32.25.8server-13-32-25-8.fra56.r.cloudfront.net443https 23542300x8000000000000000169572Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.417{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\places.sqlite-shmMD5=A8A08AABE098CBFC6E1F917D340BAF0A,SHA256=B2721DF0229BB127AD3AD8F9EF574B6487031D09E77719777017A2622CC34AFB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169571Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.417{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-walMD5=0754556B0F590E590F6E119D988453FA,SHA256=1E88E6FF9BAD58570D78F6EAF8654C16A531FA53BF015AB1AE77954E47991AC8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169570Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.401{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=6FDB0DC5B3E14B562C725918B4D5D514,SHA256=23D1460E2C10983D93D956572029EFBD167039182054910E6EDFACE2915E6461,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169569Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.401{D8DCB3A2-A282-60D0-3310-00000000D001}2836ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\ADMINI~1\AppData\Local\Temp\mozilla-temp-files\mozilla-temp-41MD5=D910AD167F0217587501FDCDB33CC544,SHA256=E3699D9404A3FFC1AFF0CA8A3972DC0EF38BDAB927741E9F627C7C55CEA42E81,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169568Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.385{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29dad8c|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2b46ad|C:\Program Files\Mozilla Firefox\xul.dll+3bdd62a|C:\Program Files\Mozilla Firefox\xul.dll+3b24133|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169567Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.385{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29dad8c|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2b46ad|C:\Program Files\Mozilla Firefox\xul.dll+3bdd62a|C:\Program Files\Mozilla Firefox\xul.dll+3b24133|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169566Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.385{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29dad8c|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2b46ad|C:\Program Files\Mozilla Firefox\xul.dll+3bdd62a|C:\Program Files\Mozilla Firefox\xul.dll+3b24133|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 11241100x8000000000000000169565Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.385{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\SiteSecurityServiceState.txt2021-06-21 14:30:30.385 23542300x8000000000000000169564Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.385{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169563Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.385{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\protections.sqlite-journalMD5=C567A9CF4EC129A04FD82E950188DC4E,SHA256=FAB1FF167B645ECF3E1D8C552D274CF42A2F62D06D125DDC88A2C3028349B21A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169562Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.370{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\protections.sqlite-journalMD5=89AA8FAD8289E8E46D5418E331D777B7,SHA256=DEC686ADD3EE31EEED16B4E1455A42DB4DB7D751EE8DF7B77D024E58B1974E0B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169561Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.370{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A280-60D0-3010-00000000D001}3876C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169560Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169559Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169558Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169557Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169556Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169555Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169554Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A284-60D0-3610-00000000D001}2060C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169553Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 10341000x8000000000000000169552Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000000C0F2E61E84) 23542300x8000000000000000169551Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-walMD5=A36CD294EB865DC11380B2A2C3436FAF,SHA256=323A372534176DE63AFDA1E59AA37030540518FCB2C57D266BDF13C8DD132532,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169550Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmMD5=7CA26B3FFD0B6FE776A19C6B25D87E1B,SHA256=A287028315E614EB3E722A4AB5D6F849FD06FEEB0681C382E40CCE259C9EC7CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169549Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\sessionstore-backups\recovery.jsonlz4MD5=A2C83482E38CC3769FA5CC010E8989C9,SHA256=B1E05199427CECA4ED8C84D7A2F583C450E6AF5BE81295D06F1F0F8BC1C5A3F2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169548Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.354{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3410-00000000D001}5604C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29fac87|C:\Program Files\Mozilla Firefox\xul.dll+daa3a9|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169547Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.349{D8DCB3A2-A280-60D0-3010-00000000D001}3876ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169546Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.332{D8DCB3A2-A280-60D0-3010-00000000D001}38761084C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A282-60D0-3310-00000000D001}2836C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d79c0|C:\Program Files\Mozilla Firefox\xul.dll+29b168e|C:\Program Files\Mozilla Firefox\xul.dll+1a716e6|C:\Program Files\Mozilla Firefox\xul.dll+4d41c2|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+20a5a9|C:\Program Files\Mozilla Firefox\xul.dll+2df3052|C:\Program Files\Mozilla Firefox\xul.dll+84609b|C:\Program Files\Mozilla Firefox\xul.dll+1e5c61|C:\Program Files\Mozilla Firefox\xul.dll+37f3ca2|C:\Program Files\Mozilla Firefox\xul.dll+198566b|C:\Program Files\Mozilla Firefox\xul.dll+1987d4b|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 23542300x8000000000000000169647Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:31.947{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD6150C60E52EF081E923A92C0ECA4C7,SHA256=B23503ED8C2FA35473DC78903E854ABDA44B9B84DD1974304C1D5A97A6C3A1EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169646Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:31.557{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A3EBE01BCB438530D04FF743BDE6F354,SHA256=2FB71B12A2660CF5B04453BFCE744BD4C50B3EE226A4F65D89820D1877F14165,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000169645Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:29.141{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\System32\dns.exeNT AUTHORITY\SYSTEMudpfalsefalse127.0.0.1-53domainfalse127.0.0.1-55830- 23542300x8000000000000000169644Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:31.354{D8DCB3A2-A286-60D0-3B10-00000000D001}4460ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\pingsender.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\saved-telemetry-pings\7bd79f12-644d-433b-8bff-c2f2ad0fb4fcMD5=8BA3C3D2569E16C8F4D81E4A5D3230BA,SHA256=31DEFDBC340CC80CF147E63A853EA1ACA302DDBD40DB2FA3A297A5114A399F8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169643Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:31.338{D8DCB3A2-A286-60D0-3910-00000000D001}2712ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\pingsender.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\saved-telemetry-pings\a5e30cc9-60f4-4342-9ad5-4ae59e602743MD5=D6F96F2B38905C3966859707917D651E,SHA256=D83D6F179F3C3FA27441C62BF31D1588ACFF2D5F2E150E22FEAAE39103FE6E22,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169642Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:31.307{D8DCB3A2-A286-60D0-3710-00000000D001}4020ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\pingsender.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\saved-telemetry-pings\15b93bab-cb60-4657-b0e0-e129a01f12dbMD5=D5E39C5B3C6A0F545654E847395F1E32,SHA256=6EFBE1CBD6E61176E177275472C41169E1A2C5B2EB5F42881DBF394045D8F0EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169668Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.963{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2BC15D7F7860A08431F5FB06AA752EAC,SHA256=30D44C3525609B060709E2A15270B4116020452514642A5625F419F75C19CF04,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169667Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.932{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A288-60D0-3E10-00000000D001}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169666Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.932{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169665Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.932{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169664Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.932{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169663Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.932{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169662Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.932{D8DCB3A2-4532-60D0-0500-00000000D001}408524C:\Windows\system32\csrss.exe{D8DCB3A2-A288-60D0-3E10-00000000D001}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169661Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.932{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A288-60D0-3E10-00000000D001}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169660Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.932{D8DCB3A2-A288-60D0-3E10-00000000D001}5516C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000169659Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.801{D8DCB3A2-A286-60D0-3B10-00000000D001}4460C:\Program Files\Mozilla Firefox\pingsender.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50780-false52.13.236.190ec2-52-13-236-190.us-west-2.compute.amazonaws.com443https 354300x8000000000000000169658Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.777{D8DCB3A2-A286-60D0-3910-00000000D001}2712C:\Program Files\Mozilla Firefox\pingsender.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50779-false52.13.236.190ec2-52-13-236-190.us-west-2.compute.amazonaws.com443https 354300x8000000000000000169657Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.764{D8DCB3A2-A286-60D0-3710-00000000D001}4020C:\Program Files\Mozilla Firefox\pingsender.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50778-false52.13.236.190ec2-52-13-236-190.us-west-2.compute.amazonaws.com443https 354300x8000000000000000169656Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:30.172{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50777-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000169655Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.197{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A288-60D0-3D10-00000000D001}1444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169654Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.197{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169653Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.197{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169652Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.197{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169651Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.197{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169650Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.197{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A288-60D0-3D10-00000000D001}1444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169649Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.197{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A288-60D0-3D10-00000000D001}1444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169648Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:32.198{D8DCB3A2-A288-60D0-3D10-00000000D001}1444C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000169678Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.604{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A289-60D0-3F10-00000000D001}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169677Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.604{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169676Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.604{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169675Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.604{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169674Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.604{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169673Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.604{D8DCB3A2-4532-60D0-0500-00000000D001}408524C:\Windows\system32\csrss.exe{D8DCB3A2-A289-60D0-3F10-00000000D001}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169672Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.604{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A289-60D0-3F10-00000000D001}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169671Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.604{D8DCB3A2-A289-60D0-3F10-00000000D001}3456C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000169670Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.213{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6886A3F6423FFAB80D047DC71023ACBE,SHA256=13D3C08BDEBB2AACEE941F3CFFFA0C59C8C52667C8FB32DD4D09298E290C26C1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169669Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:33.104{D8DCB3A2-A288-60D0-3E10-00000000D001}55165060C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169680Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:34.635{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E9B6F5B0A298DDB8F1772C220DDAE0C0,SHA256=0F13B3C26236C9660258FCB46D3D14FC5DCFE6C355DD5F959716BBF59B2791D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169679Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:34.182{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BB4792B8DD5D17A89B17E2E677F31FB2,SHA256=6636B66B2F6908F1D47906A2D55521BF25E660B85D8E9319B58D0A6E582BD179,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169699Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.932{D8DCB3A2-A28B-60D0-4110-00000000D001}46165400C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169698Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.775{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A28B-60D0-4110-00000000D001}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169697Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.775{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169696Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.775{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169695Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.775{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169694Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.775{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169693Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.775{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A28B-60D0-4110-00000000D001}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169692Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.775{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A28B-60D0-4110-00000000D001}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169691Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.776{D8DCB3A2-A28B-60D0-4110-00000000D001}4616C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000169690Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.244{D8DCB3A2-A28B-60D0-4010-00000000D001}32242140C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169689Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.197{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=132E6EEB72FCA6B3F24A194D7DB42BFC,SHA256=1181F2F4E102D5D3DAE83FC8BDB8F141488D29CF3968739B787E2EF6EEA6EF51,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169688Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.104{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A28B-60D0-4010-00000000D001}3224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169687Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.104{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169686Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.104{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169685Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.104{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169684Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.104{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169683Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.104{D8DCB3A2-4532-60D0-0500-00000000D001}408524C:\Windows\system32\csrss.exe{D8DCB3A2-A28B-60D0-4010-00000000D001}3224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169682Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.104{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A28B-60D0-4010-00000000D001}3224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169681Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:35.104{D8DCB3A2-A28B-60D0-4010-00000000D001}3224C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000169710Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.595{D8DCB3A2-A28C-60D0-4210-00000000D001}10204472C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169709Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.455{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A28C-60D0-4210-00000000D001}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169708Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.455{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169707Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.455{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169706Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.455{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169705Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.455{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169704Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.455{D8DCB3A2-4532-60D0-0500-00000000D001}408524C:\Windows\system32\csrss.exe{D8DCB3A2-A28C-60D0-4210-00000000D001}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169703Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.455{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A28C-60D0-4210-00000000D001}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169702Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.456{D8DCB3A2-A28C-60D0-4210-00000000D001}1020C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000169701Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.229{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DE16790F0DFCFB785D660F66F45E483E,SHA256=ECF63D5C7BA7393466226588654563FE289E3900730551689BAB86B11D2F0802,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169700Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.104{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A79106DB655EF1AF938C383473E0454D,SHA256=68B17F9029C077116F0EE182FB55D6AAA97790F594B907C2057555CA616E7B47,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169720Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.595{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A28D-60D0-4310-00000000D001}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169719Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169718Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169717Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169716Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169715Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.595{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A28D-60D0-4310-00000000D001}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169714Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.595{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A28D-60D0-4310-00000000D001}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169713Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.596{D8DCB3A2-A28D-60D0-4310-00000000D001}5816C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000169712Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.470{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=96EC32C6B6EBFD2F79B2E3B6C9F4ACEC,SHA256=50F8A98DE51704E6B2E32EAABE98E51E24AF8E5A02CC8E9A99D45BB40D0E50E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169711Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:37.408{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30DC4E1F8A503D5AEA5A24E3B9585F54,SHA256=383287C4F65DEDC04F0FF4F06862C86971038021374F0D17E052F406A6639025,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169789Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.986{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4A10-00000000D001}3276C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169788Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.986{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4A10-00000000D001}3276C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169787Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.986{D8DCB3A2-A28E-60D0-4A10-00000000D001}32766040C:\Windows\system32\conhost.exe{D8DCB3A2-A28E-60D0-4910-00000000D001}5076C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169786Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.970{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A28E-60D0-4A10-00000000D001}3276C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169785Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.970{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169784Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.970{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169783Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.970{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169782Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.970{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A28E-60D0-4910-00000000D001}5076C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169781Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.970{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169780Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.970{D8DCB3A2-A28E-60D0-4810-00000000D001}54323284C:\Windows\System32\WScript.exe{D8DCB3A2-A28E-60D0-4910-00000000D001}5076C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169779Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.981{D8DCB3A2-A28E-60D0-4910-00000000D001}5076C:\Windows\System32\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exe"C:\Windows\System32\net.exe" sessionC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=C6B6DAA95CEA707F8D986D933E4A9596,SHA256=FDDC5F29F779A6EF73D70A2C551397FDEE63F549F2BCE4FE6A7AEEDC11F4F72E,IMPHASH=C41B15F592DE4589047CE5119CE87468{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" C:\Temp\dasdasd.js 10341000x8000000000000000169778Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.970{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169777Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.970{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169776Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.939{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B457E181A1A622FB64B71034C94F1E24,SHA256=47D1145C8AC4950ABC620F21FC061A6BFC9D3E0657BB1D85B70E58AD2AD37DEF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169775Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.923{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169774Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.923{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169773Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.923{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169772Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169771Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169770Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169769Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169768Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169767Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-A28E-60D0-4410-00000000D001}50205944C:\Windows\System32\WScript.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169766Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.914{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\wscript.exe5.812.10240.16384Microsoft ® Windows Based Script HostMicrosoft ® Windows Script HostMicrosoft Corporationwscript.exe"C:\Windows\System32\WScript.exe" C:\Temp\dasdasd.jsC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BEB231ACF04E40B506403920D4DD795A,SHA256=2548884526E8FBC5781F5B3B2972E9B20CC16DD86BDE93D2E888023F6919F5A2,IMPHASH=661A40859BC6D47752E9FC5E02C1862C{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\dasdasd.js" 13241300x8000000000000000169765Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1060,RunKeySetValue2021-06-21 14:30:38.908{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\WScript.exeHKLM\SOFTWARE\Microsoft\.NETFramework\ETWEnabledDWORD (0x00000000) 10341000x8000000000000000169764Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-A28E-60D0-4410-00000000D001}50203136C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+534ee|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0|C:\Windows\System32\jscript.dll+19580|C:\Windows\System32\jscript.dll+b2a5|C:\Windows\System32\jscript.dll+88ab|C:\Windows\System32\jscript.dll+9aa9 10341000x8000000000000000169763Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-A28E-60D0-4410-00000000D001}50203136C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+53458|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0|C:\Windows\System32\jscript.dll+19580|C:\Windows\System32\jscript.dll+b2a5|C:\Windows\System32\jscript.dll+88ab|C:\Windows\System32\jscript.dll+9aa9 10341000x8000000000000000169762Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-A28E-60D0-4410-00000000D001}50203136C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+5343a|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0 10341000x8000000000000000169761Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-A28E-60D0-4410-00000000D001}50203136C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+5343a|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0|C:\Windows\System32\jscript.dll+19580 10341000x8000000000000000169760Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-A28E-60D0-4410-00000000D001}50203136C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+c5d7a|C:\Windows\System32\SHELL32.dll+84ae4|C:\Windows\System32\SHELL32.dll+84738|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0 10341000x8000000000000000169759Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-A28E-60D0-4410-00000000D001}50203136C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+c5d68|C:\Windows\System32\SHELL32.dll+84ae4|C:\Windows\System32\SHELL32.dll+84738|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f 10341000x8000000000000000169758Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.908{D8DCB3A2-A28E-60D0-4410-00000000D001}50203136C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+c5d68|C:\Windows\System32\SHELL32.dll+84ae4|C:\Windows\System32\SHELL32.dll+84738|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0 10341000x8000000000000000169757Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.845{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169756Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.845{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169755Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.845{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169754Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.845{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169753Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.845{D8DCB3A2-A28E-60D0-4610-00000000D001}6725556C:\Windows\system32\conhost.exe{D8DCB3A2-A28E-60D0-4710-00000000D001}360C:\Windows\system32\net1.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169752Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.845{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A28E-60D0-4710-00000000D001}360C:\Windows\system32\net1.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169751Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.845{D8DCB3A2-A28E-60D0-4510-00000000D001}57885668C:\Windows\System32\net.exe{D8DCB3A2-A28E-60D0-4710-00000000D001}360C:\Windows\system32\net1.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\net.exe+240f|C:\Windows\System32\net.exe+1883|C:\Windows\System32\net.exe+163b|C:\Windows\System32\net.exe+1375|C:\Windows\System32\net.exe+26fd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169750Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.852{D8DCB3A2-A28E-60D0-4710-00000000D001}360C:\Windows\System32\net1.exe10.0.14393.0 (rs1_release.160715-1616)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet1.exeC:\Windows\system32\net1 sessionC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=946383ED00F5CD92DBCB7CDB878ED819,SHA256=E92A2FA67AD2F7367ABA1ABF237D245B5E36291C5A4A9F0FC04B3A0E32FF618E,IMPHASH=E2F26A4CA577CF6DBACE937727934F80{D8DCB3A2-A28E-60D0-4510-00000000D001}5788C:\Windows\System32\net.exe"C:\Windows\System32\net.exe" session 11241100x8000000000000000169749Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.845{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\Temp.lnk2021-06-21 14:30:38.845 10341000x8000000000000000169748Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.814{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4610-00000000D001}672C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169747Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.814{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4610-00000000D001}672C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169746Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.814{D8DCB3A2-A28E-60D0-4610-00000000D001}6725556C:\Windows\system32\conhost.exe{D8DCB3A2-A28E-60D0-4510-00000000D001}5788C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169745Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.814{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A28E-60D0-4610-00000000D001}672C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169744Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.800{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169743Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.800{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169742Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.800{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A28E-60D0-4510-00000000D001}5788C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169741Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.800{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169740Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.800{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169739Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.800{D8DCB3A2-A28E-60D0-4410-00000000D001}50201524C:\Windows\System32\WScript.exe{D8DCB3A2-A28E-60D0-4510-00000000D001}5788C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169738Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.805{D8DCB3A2-A28E-60D0-4510-00000000D001}5788C:\Windows\System32\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exe"C:\Windows\System32\net.exe" sessionC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=C6B6DAA95CEA707F8D986D933E4A9596,SHA256=FDDC5F29F779A6EF73D70A2C551397FDEE63F549F2BCE4FE6A7AEEDC11F4F72E,IMPHASH=C41B15F592DE4589047CE5119CE87468{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\dasdasd.js" 10341000x8000000000000000169737Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.800{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\WScript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169736Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.800{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\WScript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x8000000000000000169735Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.689{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\dasdasd.js.lnk2021-06-21 14:30:38.689 10341000x8000000000000000169734Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.673{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\WScript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169733Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.673{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\WScript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169732Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.673{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\WScript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169731Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.658{D8DCB3A2-4534-60D0-1400-00000000D001}10925876C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\cryptsvc.dll+6124|c:\windows\system32\cryptsvc.dll+5e34|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169730Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169729Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169728Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169727Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169726Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.642{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169725Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.642{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856836C:\Windows\Explorer.EXE{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\WScript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\windows.storage.dll+94c4a|C:\Windows\System32\windows.storage.dll+94a02|C:\Windows\System32\SHELL32.dll+3f98d|C:\Windows\System32\SHELL32.dll+3e526|C:\Windows\System32\SHELL32.dll+802b1|C:\Windows\System32\SHELL32.dll+6724e|C:\Windows\System32\SHELL32.dll+18cf7c|C:\Windows\System32\SHELL32.dll+18ccd3|C:\Windows\System32\SHCORE.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169724Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.652{D8DCB3A2-A28E-60D0-4410-00000000D001}5020C:\Windows\System32\wscript.exe5.812.10240.16384Microsoft ® Windows Based Script HostMicrosoft ® Windows Script HostMicrosoft Corporationwscript.exe"C:\Windows\System32\WScript.exe" "C:\Temp\dasdasd.js" C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BEB231ACF04E40B506403920D4DD795A,SHA256=2548884526E8FBC5781F5B3B2972E9B20CC16DD86BDE93D2E888023F6919F5A2,IMPHASH=661A40859BC6D47752E9FC5E02C1862C{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 23542300x8000000000000000169723Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.642{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B5926703BD138EB9F507CEBA7088DC1,SHA256=E274EC2D24EE1479E1FB0C496FE360A196F0D80F8F88A11B1ABAA6A392230A5E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169722Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:38.611{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=766975D42230F62688B6D57B14140F89,SHA256=B1A596DCE643FE9D39205F2E7825086893A089E1B651A6E1527917972C951A3E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000169721Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:36.013{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50781-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000169851Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.783{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=49E692B5C0ACCF751B4CCA51EC3DE9AE,SHA256=2FC52E5B3C0C7268F9C8BF6022C3D94B7D4E30C09B86E875FA473ACD20C1EBB6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169850Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.783{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7C9A27BBA0B0E6FB054DC869B6454021,SHA256=AB098CDB8AA0520EF147232971DE6B5AD0FDE430706969696371ADEDA3AC6F14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169849Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.220{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Temp\dasdasd.jsMD5=976FEDDD31A7A63C498F982814F17B22,SHA256=3119DB10DD3BBE8777E9C27AAEA24207A50CD9336BAAD95AA74F4E4272DAD101,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169848Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.189{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+534ee|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0|C:\Windows\System32\jscript.dll+19580|C:\Windows\System32\jscript.dll+b2a5|C:\Windows\System32\jscript.dll+88ab|C:\Windows\System32\jscript.dll+9aa9 10341000x8000000000000000169847Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.189{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+53458|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0|C:\Windows\System32\jscript.dll+19580|C:\Windows\System32\jscript.dll+b2a5|C:\Windows\System32\jscript.dll+88ab|C:\Windows\System32\jscript.dll+9aa9 10341000x8000000000000000169846Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.189{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+5343a|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0 10341000x8000000000000000169845Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.189{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+5343a|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0|C:\Windows\System32\jscript.dll+19580 10341000x8000000000000000169844Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.189{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+c5d7a|C:\Windows\System32\SHELL32.dll+84ae4|C:\Windows\System32\SHELL32.dll+84738|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0 10341000x8000000000000000169843Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.189{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+c5d68|C:\Windows\System32\SHELL32.dll+84ae4|C:\Windows\System32\SHELL32.dll+84738|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f 10341000x8000000000000000169842Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.189{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+c5d68|C:\Windows\System32\SHELL32.dll+84ae4|C:\Windows\System32\SHELL32.dll+84738|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0 10341000x8000000000000000169841Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.173{D8DCB3A2-A28F-60D0-4F10-00000000D001}30164084C:\Windows\system32\conhost.exe{D8DCB3A2-A28F-60D0-5010-00000000D001}6024C:\Windows\system32\net1.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169840Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.173{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169839Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.173{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169838Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.173{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169837Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.173{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169836Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.173{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A28F-60D0-5010-00000000D001}6024C:\Windows\system32\net1.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169835Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.173{D8DCB3A2-A28F-60D0-4E10-00000000D001}49125008C:\Windows\System32\net.exe{D8DCB3A2-A28F-60D0-5010-00000000D001}6024C:\Windows\system32\net1.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\net.exe+240f|C:\Windows\System32\net.exe+1883|C:\Windows\System32\net.exe+163b|C:\Windows\System32\net.exe+1375|C:\Windows\System32\net.exe+26fd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169834Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.175{D8DCB3A2-A28F-60D0-5010-00000000D001}6024C:\Windows\System32\net1.exe10.0.14393.0 (rs1_release.160715-1616)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet1.exeC:\Windows\system32\net1 sessionC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=946383ED00F5CD92DBCB7CDB878ED819,SHA256=E92A2FA67AD2F7367ABA1ABF237D245B5E36291C5A4A9F0FC04B3A0E32FF618E,IMPHASH=E2F26A4CA577CF6DBACE937727934F80{D8DCB3A2-A28F-60D0-4E10-00000000D001}4912C:\Windows\System32\net.exe"C:\Windows\System32\net.exe" session 10341000x8000000000000000169833Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.158{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4F10-00000000D001}3016C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169832Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.158{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4F10-00000000D001}3016C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000169831Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.158{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC8B2E99339C98DE04258AAED7ED3A97,SHA256=490E68FB17894C0797E5B95222C67CB8917A6686521D619A18BC062DC51B93DB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169830Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-A28F-60D0-4F10-00000000D001}30164084C:\Windows\system32\conhost.exe{D8DCB3A2-A28F-60D0-4E10-00000000D001}4912C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169829Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A28F-60D0-4F10-00000000D001}3016C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169828Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169827Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169826Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169825Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A28F-60D0-4E10-00000000D001}4912C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169824Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169823Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885220C:\Windows\System32\cscript.exe{D8DCB3A2-A28F-60D0-4E10-00000000D001}4912C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169822Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.146{D8DCB3A2-A28F-60D0-4E10-00000000D001}4912C:\Windows\System32\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exe"C:\Windows\System32\net.exe" sessionC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=C6B6DAA95CEA707F8D986D933E4A9596,SHA256=FDDC5F29F779A6EF73D70A2C551397FDEE63F549F2BCE4FE6A7AEEDC11F4F72E,IMPHASH=C41B15F592DE4589047CE5119CE87468{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169821Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169820Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.142{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169819Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.095{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169818Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.095{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169817Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.095{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169816Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.080{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4D10-00000000D001}5848C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169815Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.080{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4D10-00000000D001}5848C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169814Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.064{D8DCB3A2-A28F-60D0-4D10-00000000D001}58485632C:\Windows\system32\conhost.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169813Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.064{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A28F-60D0-4D10-00000000D001}5848C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169812Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.048{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169811Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.048{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169810Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.048{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169809Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.048{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169808Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.048{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169807Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.048{D8DCB3A2-A28E-60D0-4810-00000000D001}54324300C:\Windows\System32\WScript.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169806Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.055{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe5.812.10240.16384Microsoft ® Console Based Script HostMicrosoft ® Windows Script HostMicrosoft Corporationcscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.jsC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=8552F94CFD39A4C307BCD1BD88D41604,SHA256=6216383428EAB3292C5590C70D24B33A7D84FBF1C463E331C40F052E6EA356FE,IMPHASH=77838A7D26CC1C7050C41CF6165BAD0E{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\wscript.exe"C:\Windows\System32\WScript.exe" C:\Temp\dasdasd.js 13241300x8000000000000000169805Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1060,RunKeySetValue2021-06-21 14:30:39.033{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exeHKU\S-1-5-21-792582155-850038707-153534265-500\SOFTWARE\Microsoft\Windows Script\Settings\AmsiEnableDWORD (0x00000000) 10341000x8000000000000000169804Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.033{D8DCB3A2-A28E-60D0-4810-00000000D001}54323124C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+534ee|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0|C:\Windows\System32\jscript.dll+19580|C:\Windows\System32\jscript.dll+b2a5|C:\Windows\System32\jscript.dll+88ab|C:\Windows\System32\jscript.dll+9aa9 10341000x8000000000000000169803Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.033{D8DCB3A2-A28E-60D0-4810-00000000D001}54323124C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+1c0e5|C:\Windows\System32\SHELL32.dll+53458|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0|C:\Windows\System32\jscript.dll+19580|C:\Windows\System32\jscript.dll+b2a5|C:\Windows\System32\jscript.dll+88ab|C:\Windows\System32\jscript.dll+9aa9 10341000x8000000000000000169802Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.033{D8DCB3A2-A28E-60D0-4810-00000000D001}54323124C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+5343a|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0 10341000x8000000000000000169801Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.033{D8DCB3A2-A28E-60D0-4810-00000000D001}54323124C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+5343a|C:\Windows\System32\SHELL32.dll+84812|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0|C:\Windows\System32\jscript.dll+19580 10341000x8000000000000000169800Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.033{D8DCB3A2-A28E-60D0-4810-00000000D001}54323124C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6497|C:\Windows\System32\shcore.dll+6387|C:\Windows\System32\shcore.dll+62fd|C:\Windows\System32\shcore.dll+620a|C:\Windows\System32\SHELL32.dll+c5d7a|C:\Windows\System32\SHELL32.dll+84ae4|C:\Windows\System32\SHELL32.dll+84738|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0 10341000x8000000000000000169799Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.033{D8DCB3A2-A28E-60D0-4810-00000000D001}54323124C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6482|C:\Windows\System32\shcore.dll+617d|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+c5d68|C:\Windows\System32\SHELL32.dll+84ae4|C:\Windows\System32\SHELL32.dll+84738|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f 10341000x8000000000000000169798Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.033{D8DCB3A2-A28E-60D0-4810-00000000D001}54323124C:\Windows\System32\WScript.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\shcore.dll+64c8|C:\Windows\System32\shcore.dll+6154|C:\Windows\System32\shcore.dll+5e3d|C:\Windows\System32\shcore.dll+5dcf|C:\Windows\System32\shcore.dll+5cd4|C:\Windows\System32\SHELL32.dll+c5d68|C:\Windows\System32\SHELL32.dll+84ae4|C:\Windows\System32\SHELL32.dll+84738|C:\Windows\System32\ieframe.dll+1c993e|C:\Windows\System32\ieframe.dll+1c96e9|C:\Windows\System32\wshom.ocx+c790|C:\Windows\System32\OLEAUT32.dll+23aff|C:\Windows\System32\OLEAUT32.dll+c2e5|C:\Windows\System32\OLEAUT32.dll+c836|C:\Windows\System32\wshom.ocx+cef3|C:\Windows\System32\wshom.ocx+c51d|C:\Windows\System32\jscript.dll+e579|C:\Windows\System32\jscript.dll+2c048|C:\Windows\System32\jscript.dll+37c6f|C:\Windows\System32\jscript.dll+16c7e|C:\Windows\System32\jscript.dll+1921f|C:\Windows\System32\jscript.dll+18fc0 10341000x8000000000000000169797Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.002{D8DCB3A2-A28E-60D0-4A10-00000000D001}32766040C:\Windows\system32\conhost.exe{D8DCB3A2-A28F-60D0-4B10-00000000D001}2412C:\Windows\system32\net1.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169796Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.002{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169795Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.002{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169794Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.002{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169793Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.002{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169792Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.002{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A28F-60D0-4B10-00000000D001}2412C:\Windows\system32\net1.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169791Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.002{D8DCB3A2-A28E-60D0-4910-00000000D001}50763796C:\Windows\System32\net.exe{D8DCB3A2-A28F-60D0-4B10-00000000D001}2412C:\Windows\system32\net1.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\net.exe+240f|C:\Windows\System32\net.exe+1883|C:\Windows\System32\net.exe+163b|C:\Windows\System32\net.exe+1375|C:\Windows\System32\net.exe+26fd|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169790Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:39.010{D8DCB3A2-A28F-60D0-4B10-00000000D001}2412C:\Windows\System32\net1.exe10.0.14393.0 (rs1_release.160715-1616)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet1.exeC:\Windows\system32\net1 sessionC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=946383ED00F5CD92DBCB7CDB878ED819,SHA256=E92A2FA67AD2F7367ABA1ABF237D245B5E36291C5A4A9F0FC04B3A0E32FF618E,IMPHASH=E2F26A4CA577CF6DBACE937727934F80{D8DCB3A2-A28E-60D0-4910-00000000D001}5076C:\Windows\System32\net.exe"C:\Windows\System32\net.exe" session 11241100x8000000000000000169854Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:40.986{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.cmdline2021-06-21 14:30:40.986 11241100x8000000000000000169853Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:40.986{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.dll2021-06-21 14:30:40.986 23542300x8000000000000000169852Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:40.799{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D16F1CFA71F3EB1BA8F032A93039FB31,SHA256=3002FA9C0C301EA6876FB0416EF6F620162329B15F199CC4B8FBFFD429866510,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170214Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.845{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9E3481590F7204EF5D6B7E7CA717C45C,SHA256=A9935F1518846A06B2AAE322463D9BAD9240F9EAF0BF1B87EF9725AC6CD6A933,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170213Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.783{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FB63DFF47E397D92420BCCE01DC266C,SHA256=5CF70E1D2B3865E472537F8EED429DAB467FC633D4EE1273284C98F5D621EB15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170212Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.736{D8DCB3A2-A291-60D0-5C10-00000000D001}5028ATTACKRANGE\AdministratorC:\Windows\System32\cmd.exeC:\$Recycle.Bin\S-1-5-~1\desktop.iniMD5=A526B9E7C716B3489D8CC062FBCE4005,SHA256=E1B9CE9B57957B1A0607A72A057D6B7A9B34EA60F3F8AA8F38A3AF979BD23066,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000170211Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1031,T1050SetValue2021-06-21 14:30:41.689{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\fdPHost\StartDWORD (0x00000002) 13241300x8000000000000000170210Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1031,T1050SetValue2021-06-21 14:30:41.689{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\upnphost\StartDWORD (0x00000002) 13241300x8000000000000000170209Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1031,T1050SetValue2021-06-21 14:30:41.689{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\SstpSvc\StartDWORD (0x00000004) 13241300x8000000000000000170208Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1031,T1050SetValue2021-06-21 14:30:41.689{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\Dnscache\StartDWORD (0x00000002) 13241300x8000000000000000170207Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1031,T1050SetValue2021-06-21 14:30:41.689{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\FDResPub\StartDWORD (0x00000002) 10341000x8000000000000000170206Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.689{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170205Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.689{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170204Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.689{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170203Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.673{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170202Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1031,T1050SetValue2021-06-21 14:30:41.673{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exeHKLM\System\CurrentControlSet\Services\SSDPSRV\StartDWORD (0x00000002) 10341000x8000000000000000170201Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170200Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170199Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170198Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170197Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.642{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-7210-00000000D001}5616C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170196Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.642{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-7210-00000000D001}5616C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170195Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170194Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170193Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170192Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170191Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-A291-60D0-7210-00000000D001}56164468C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-7110-00000000D001}6032C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170190Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170189Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170188Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170187Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170186Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=998633B1ACEEF032F0B01BE2D4A9EBBF,SHA256=65EADA7490061905E87DE5DC9BBF38D74FBFE9B2EFAC4DFB1429D5531B7B8024,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170185Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6710-00000000D001}6012C:\Windows\System32\sc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170184Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6610-00000000D001}3228C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170183Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.627{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6510-00000000D001}3668C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170182Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6410-00000000D001}1980C:\Windows\System32\sc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170181Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170180Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170179Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170178Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170177Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6310-00000000D001}3640C:\Windows\System32\sc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170176Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6210-00000000D001}940C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170175Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6010-00000000D001}2820C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170174Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5D10-00000000D001}4872C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170173Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5C10-00000000D001}5028C:\Windows\System32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170172Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170171Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5B10-00000000D001}4156C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170170Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170169Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170168Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-7010-00000000D001}5356C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170167Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5610-00000000D001}2632C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170166Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-7010-00000000D001}5356C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170165Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170164Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170163Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5510-00000000D001}5352C:\Windows\System32\taskkill.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170162Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5410-00000000D001}4528C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170161Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5310-00000000D001}5088C:\Windows\System32\taskkill.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170160Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A28F-60D0-4D10-00000000D001}5848C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170159Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170158Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170157Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170156Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170155Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6D10-00000000D001}1504C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170154Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6D10-00000000D001}1504C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170153Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A125-60D0-0310-00000000D001}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170152Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-7210-00000000D001}5616C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170151Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170150Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A118-60D0-D00F-00000000D001}1292C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170149Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.611{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170148Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A10E-60D0-A90F-00000000D001}2304C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170147Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A10E-60D0-A80F-00000000D001}5012C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170146Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A031-60D0-8A0F-00000000D001}3428C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170145Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170144Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6E10-00000000D001}4896C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170143Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A015-60D0-7E0F-00000000D001}5972C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170142Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A015-60D0-7D0F-00000000D001}5588C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170141Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6E10-00000000D001}4896C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170140Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170139Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\system32\dns.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000170138Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170137Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170136Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170135Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6210-00000000D001}940C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170134Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170133Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170132Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6110-00000000D001}1084C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170131Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170130Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-6010-00000000D001}2820C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170129Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170128Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EA-60D0-9900-00000000D001}4400C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170127Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A291-60D0-7010-00000000D001}53562392C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-6F10-00000000D001}5736C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170126Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5F10-00000000D001}860C:\Windows\System32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170125Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5E10-00000000D001}5600C:\Windows\System32\sc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170124Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EA-60D0-9600-00000000D001}4280C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170123Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5D10-00000000D001}4872C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170122Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5C10-00000000D001}5028C:\Windows\System32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170121Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5B10-00000000D001}4156C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170120Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5A10-00000000D001}5656C:\Windows\System32\sc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170119Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170118Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45E8-60D0-9200-00000000D001}3852C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170117Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5610-00000000D001}2632C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170116Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6C10-00000000D001}3816C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170115Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5510-00000000D001}5352C:\Windows\System32\taskkill.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170114Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.595{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6C10-00000000D001}3816C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170113Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5410-00000000D001}4528C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170112Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A291-60D0-5310-00000000D001}5088C:\Windows\System32\taskkill.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170111Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A28F-60D0-4D10-00000000D001}5848C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170110Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170109Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-4534-60D0-1600-00000000D001}13045040C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6510-00000000D001}3668C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170108Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170107Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-4534-60D0-1600-00000000D001}13045040C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6B10-00000000D001}4764C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170106Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6510-00000000D001}3668C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170105Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6B10-00000000D001}4764C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170104Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45E8-60D0-9000-00000000D001}2432C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170103Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170102Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-7110-00000000D001}6032C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170101Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170100Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A28F-60D0-4C10-00000000D001}53884328C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-7110-00000000D001}6032C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58df12|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd95|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd65|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+633e85|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+6913 10341000x8000000000000000170099Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A291-60D0-6D10-00000000D001}15045636C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-6910-00000000D001}2256C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170098Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.589{D8DCB3A2-A291-60D0-7110-00000000D001}6032C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config MBAMService start= disabledC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000170097Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45BE-60D0-8400-00000000D001}1272C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170096Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A291-60D0-6E10-00000000D001}48965840C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-6A10-00000000D001}4020C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170095Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4545-60D0-4100-00000000D001}3512C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170094Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-4534-60D0-1600-00000000D001}13045040C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6610-00000000D001}3228C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170093Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A125-60D0-0310-00000000D001}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170092Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A291-60D0-6C10-00000000D001}38161444C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-6810-00000000D001}3120C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170091Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6610-00000000D001}3228C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170090Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4545-60D0-3D00-00000000D001}3448C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170089Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170088Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4545-60D0-3C00-00000000D001}3400C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170087Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-7010-00000000D001}5356C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170086Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A118-60D0-D00F-00000000D001}1292C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170085Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A291-60D0-6B10-00000000D001}47646076C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-6710-00000000D001}6012C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170084Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170083Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-3000-00000000D001}1232C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170082Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A10E-60D0-A90F-00000000D001}2304C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170081Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A10E-60D0-A80F-00000000D001}5012C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170080Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A031-60D0-8A0F-00000000D001}3428C:\Windows\system32\wbem\unsecapp.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170079Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2F00-00000000D001}1152C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170078Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170077Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.580{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170076Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A015-60D0-7E0F-00000000D001}5972C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170075Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A015-60D0-7D0F-00000000D001}5588C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170074Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170073Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2A00-00000000D001}2884C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170072Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A291-60D0-6610-00000000D001}32285304C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-6410-00000000D001}1980C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170071Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170070Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170069Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170068Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2700-00000000D001}2860C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170067Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170066Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170065Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170064Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170063Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2500-00000000D001}2776C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170062Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-453D-60D0-2300-00000000D001}2612C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170061Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EA-60D0-9900-00000000D001}4400C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170060Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4538-60D0-2100-00000000D001}2496C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170059Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6E10-00000000D001}4896C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170058Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170057Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4537-60D0-2000-00000000D001}2488C:\Users\Public\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170056Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170055Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1F00-00000000D001}2112C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170054Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EA-60D0-9600-00000000D001}4280C:\Windows\System32\rdpclip.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170053Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A291-60D0-6510-00000000D001}36684148C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-6310-00000000D001}3640C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170052Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6D10-00000000D001}1504C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170051Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6F10-00000000D001}5736C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170050Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885200C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-6F10-00000000D001}5736C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58df12|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd95|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd65|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+633e85|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+6913 10341000x8000000000000000170049Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45E8-60D0-9200-00000000D001}3852C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 154100x8000000000000000170048Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.569{D8DCB3A2-A291-60D0-6F10-00000000D001}5736C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config SstpSvc start= disabledC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000170047Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000170046Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170045Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 10341000x8000000000000000170044Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170043Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170042Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6B10-00000000D001}4764C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170041Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45E8-60D0-9000-00000000D001}2432C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170040Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.564{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6C10-00000000D001}3816C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170039Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45BE-60D0-8400-00000000D001}1272C:\Windows\System32\msdtc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170038Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1700-00000000D001}1392C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170037Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4545-60D0-4100-00000000D001}3512C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170036Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170035Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170034Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1400-00000000D001}1092C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170033Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1300-00000000D001}912C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170032Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4545-60D0-3D00-00000000D001}3448C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170031Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6210-00000000D001}940C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170030Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4545-60D0-3C00-00000000D001}3400C:\Windows\System32\vds.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170029Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1200-00000000D001}756C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170028Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-3000-00000000D001}1232C:\Windows\system32\dfssvc.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170027Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1100-00000000D001}404C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170026Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1000-00000000D001}412C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170025Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2F00-00000000D001}1152C:\Windows\System32\ismserv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170024Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-0F00-00000000D001}324C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170023Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-0E00-00000000D001}996C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170022Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170021Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6A10-00000000D001}4020C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170020Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A28F-60D0-4C10-00000000D001}53882836C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-6A10-00000000D001}4020C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58df12|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd95|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd65|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+633e85|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+6913 10341000x8000000000000000170019Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6610-00000000D001}3228C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170018Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4533-60D0-0D00-00000000D001}896C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 154100x8000000000000000170017Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.555{D8DCB3A2-A291-60D0-6A10-00000000D001}4020C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config fdPHost start= autoC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000170016Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4533-60D0-0C00-00000000D001}828C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170015Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6910-00000000D001}2256C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170014Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A28F-60D0-4C10-00000000D001}53882564C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-6910-00000000D001}2256C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58df12|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd95|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd65|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+633e85|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+6913 154100x8000000000000000170013Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.554{D8DCB3A2-A291-60D0-6910-00000000D001}2256C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config upnphost start= autoC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000170012Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170011Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2A00-00000000D001}2884C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170010Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6210-00000000D001}940C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170009Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6110-00000000D001}1084C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170008Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\system32\DFSRs.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170007Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4532-60D0-0900-00000000D001}564C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170006Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000170005Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6110-00000000D001}1084C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170004Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.548{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2700-00000000D001}2860C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170003Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2600-00000000D001}2852C:\Windows\system32\dns.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170002Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6510-00000000D001}3668C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170001Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6810-00000000D001}3120C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170000Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885732C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-6810-00000000D001}3120C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58df12|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd95|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd65|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+633e85|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+6913 154100x8000000000000000169999Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.545{D8DCB3A2-A291-60D0-6810-00000000D001}3120C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config FDResPub start= autoC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169998Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2500-00000000D001}2776C:\Windows\System32\spoolsv.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169997Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-453D-60D0-2300-00000000D001}2612C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169996Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6710-00000000D001}6012C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169995Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4538-60D0-2100-00000000D001}2496C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169994Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A28F-60D0-4C10-00000000D001}53884768C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-6710-00000000D001}6012C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58df12|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd95|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd65|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+633e85|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+6913 154100x8000000000000000169993Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.544{D8DCB3A2-A291-60D0-6710-00000000D001}6012C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config SQLWriter start= disabledC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169992Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4537-60D0-2000-00000000D001}2488C:\Users\Public\splunkd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169991Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1F00-00000000D001}2112C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169990Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1700-00000000D001}1392C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169989Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6010-00000000D001}2820C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169988Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5D10-00000000D001}4872C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169987Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169986Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A291-60D0-6210-00000000D001}9402404C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-5E10-00000000D001}5600C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169985Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A291-60D0-6110-00000000D001}10841460C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-5F10-00000000D001}860C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169984Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169983Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1400-00000000D001}1092C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169982Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-6010-00000000D001}2820C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169981Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1300-00000000D001}912C:\Windows\system32\dwm.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169980Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5D10-00000000D001}4872C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169979Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1200-00000000D001}756C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169978Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6410-00000000D001}1980C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169977Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-6410-00000000D001}1980C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000169976Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.536{D8DCB3A2-A291-60D0-6410-00000000D001}1980C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config SSDPSRV start= autoC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169975Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1100-00000000D001}404C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169974Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A291-60D0-5710-00000000D001}4916C:\Windows\System32\schtasks.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169973Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1000-00000000D001}412C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169972Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A291-60D0-5710-00000000D001}4916C:\Windows\System32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169971Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-0F00-00000000D001}324C:\Windows\System32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169970Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-0E00-00000000D001}996C:\Windows\system32\LogonUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169969Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169968Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169967Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.533{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4533-60D0-0D00-00000000D001}896C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169966Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169965Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4533-60D0-0C00-00000000D001}828C:\Windows\system32\svchost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169964Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169963Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169962Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5710-00000000D001}4916C:\Windows\System32\schtasks.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169961Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6310-00000000D001}3640C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169960Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-6310-00000000D001}3640C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000169959Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.530{D8DCB3A2-A291-60D0-6310-00000000D001}3640C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config Dnscache start= autoC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169958Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-A281-60D0-3110-00000000D001}33965648C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4532-60D0-0900-00000000D001}564C:\Windows\system32\winlogon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+6fb3|C:\Windows\system32\wbem\cimwin32.dll+7471|C:\Windows\SYSTEM32\framedynos.dll+5899|C:\Windows\SYSTEM32\framedynos.dll+adc4|C:\Windows\system32\wbem\wmiprvse.exe+a731|C:\Windows\system32\wbem\wmiprvse.exe+a344|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000169957Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-A291-60D0-6010-00000000D001}28203776C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-5C10-00000000D001}5028C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169956Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-A291-60D0-5D10-00000000D001}48724740C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-5A10-00000000D001}5656C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169955Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169954Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169953Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169952Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169951Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4534-60D0-1600-00000000D001}13044056C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5B10-00000000D001}4156C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169950Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6210-00000000D001}940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169949Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5B10-00000000D001}4156C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169948Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5510-00000000D001}5352C:\Windows\System32\taskkill.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169947Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.517{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6110-00000000D001}1084C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169946Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-6010-00000000D001}2820C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169945Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-A291-60D0-5B10-00000000D001}41561940C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169944Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169943Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169942Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169941Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169940Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5D10-00000000D001}4872C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169939Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5F10-00000000D001}860C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169938Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-5F10-00000000D001}860C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000169937Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.510{D8DCB3A2-A291-60D0-5F10-00000000D001}860C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\System32\cmd.exe" /c rd /s /q D:\\$Recycle.binC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169936Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5E10-00000000D001}5600C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169935Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-A28F-60D0-4C10-00000000D001}53884424C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-5E10-00000000D001}5600C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58df12|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd95|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd65|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+633e85|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+6913 154100x8000000000000000169934Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.508{D8DCB3A2-A291-60D0-5E10-00000000D001}5600C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config SQLTELEMETRY$ECWDB2 start= disabledC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169933Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000169932Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169931Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169930Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 10341000x8000000000000000169929Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169928Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169927Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5C10-00000000D001}5028C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169926Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-5C10-00000000D001}5028C:\Windows\System32\cmd.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000169925Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.504{D8DCB3A2-A291-60D0-5C10-00000000D001}5028C:\Windows\System32\cmd.exe10.0.14393.0 (rs1_release.160715-1616)Windows Command ProcessorMicrosoft® Windows® Operating SystemMicrosoft CorporationCmd.Exe"C:\Windows\System32\cmd.exe" /c rd /s /q %%SYSTEMDRIVE%%\\$Recycle.binC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=F4F684066175B77E0C3A000549D2922C,SHA256=935C1861DF1F4018D698E8B65ABFA02D7E9037D8F68CA3C2065B6CA165D44AD2,IMPHASH=3062ED732D4B25D1C64F084DAC97D37A{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169924Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5B10-00000000D001}4156C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169923Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5310-00000000D001}5088C:\Windows\System32\taskkill.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169922Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5A10-00000000D001}5656C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169921Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-A28F-60D0-4C10-00000000D001}53882584C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-5A10-00000000D001}5656C:\Windows\System32\sc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58df12|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd95|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+58dd65|C:\Windows\assembly\NativeImages_v4.0.30319_64\mscorlib\66e6de50ffc98a394cc7addf10a394da\mscorlib.ni.dll+633e85|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\clr.dll+6913 154100x8000000000000000169920Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.500{D8DCB3A2-A291-60D0-5A10-00000000D001}5656C:\Windows\System32\sc.exe10.0.14393.0 (rs1_release.160715-1616)Service Control Manager Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsc.exe"C:\Windows\System32\sc.exe" config SQLTELEMETRY start= disabledC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BD31EB150F6547D18329E5F00801D1CD,SHA256=8A775B86CE1A057E290CCD26C59C96070684468A3119790743A346CD54F4DFDF,IMPHASH=A68324ADB4F5664AF8A79E04062F4A92{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169919Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-4534-60D0-1600-00000000D001}13044056C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5810-00000000D001}5688C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169918Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5810-00000000D001}5688C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169917Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169916Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169915Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169914Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169913Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169912Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000169911Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.490{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Get-CimInstance Win32_ShadowCopy | Remove-CimInstanceC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169910Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.486{D8DCB3A2-A291-60D0-5810-00000000D001}56881056C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-5710-00000000D001}4916C:\Windows\System32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169909Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5810-00000000D001}5688C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169908Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-4534-60D0-1600-00000000D001}13044056C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5610-00000000D001}2632C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169907Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5610-00000000D001}2632C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169906Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169905Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169904Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-A291-60D0-5610-00000000D001}26325288C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-5510-00000000D001}5352C:\Windows\System32\taskkill.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169903Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169902Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169901Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5710-00000000D001}4916C:\Windows\System32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169900Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-4534-60D0-1600-00000000D001}13044056C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5410-00000000D001}4528C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169899Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-A28F-60D0-4C10-00000000D001}53882204C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-5710-00000000D001}4916C:\Windows\System32\schtasks.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169898Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5410-00000000D001}4528C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169897Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.473{D8DCB3A2-A291-60D0-5710-00000000D001}4916C:\Windows\System32\schtasks.exe10.0.14393.0 (rs1_release.160715-1616)Task Scheduler Configuration ToolMicrosoft® Windows® Operating SystemMicrosoft Corporationsctasks.exe"C:\Windows\System32\schtasks.exe" /DELETE /TN "Raccine Rules Updater" /FC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=EEB7A2162E4DBE32B56BEB84658483AE,SHA256=A9A4FD9C1BB7C5CF8F77F761CAE60F4AC4AFB8DAEEBB46B3AD6983D5E599CDC1,IMPHASH=8AC94113AD25518D369E4EE37BEDAB4F{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169896Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-A291-60D0-5410-00000000D001}45284488C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-5310-00000000D001}5088C:\Windows\System32\taskkill.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169895Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.470{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5610-00000000D001}2632C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169894Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169893Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169892Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169891Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169890Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5410-00000000D001}4528C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169889Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5510-00000000D001}5352C:\Windows\System32\taskkill.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169888Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388972C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-5510-00000000D001}5352C:\Windows\System32\taskkill.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169887Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.466{D8DCB3A2-A291-60D0-5510-00000000D001}5352C:\Windows\System32\taskkill.exe10.0.14393.0 (rs1_release.160715-1616)Terminates ProcessesMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskkill.exe"C:\Windows\System32\taskkill.exe" /F /IM RaccineSettings.exeC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=8C066C766F5CD84CBC47E14712C54FD0,SHA256=0EA8C0267A76B543302C4258B78BC477AA8876767B7A526549CCE34EEF6D859F,IMPHASH=5F3868B59CD541824A308E7BB7B9CAC3{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000169886Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169885Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169884Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169883Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169882Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5310-00000000D001}5088C:\Windows\System32\taskkill.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169881Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.455{D8DCB3A2-A28F-60D0-4C10-00000000D001}53883860C:\Windows\System32\cscript.exe{D8DCB3A2-A291-60D0-5310-00000000D001}5088C:\Windows\System32\taskkill.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169880Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.459{D8DCB3A2-A291-60D0-5310-00000000D001}5088C:\Windows\System32\taskkill.exe10.0.14393.0 (rs1_release.160715-1616)Terminates ProcessesMicrosoft® Windows® Operating SystemMicrosoft Corporationtaskkill.exe"C:\Windows\System32\taskkill.exe" /F /IM Raccine.exeC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=8C066C766F5CD84CBC47E14712C54FD0,SHA256=0EA8C0267A76B543302C4258B78BC477AA8876767B7A526549CCE34EEF6D859F,IMPHASH=5F3868B59CD541824A308E7BB7B9CAC3{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 23542300x8000000000000000169879Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.111{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.dllMD5=1695DC10D6943756AC76E1710F794F27,SHA256=A23E3193334857FAC16AEA04988F5E37291989086D7EA03D27F3B7272BD7C84D,IMPHASH=DAE02F32A21E03CE65412F6E56942DAAtruetrue 23542300x8000000000000000169878Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.111{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.outMD5=329FDDFE67FDEC8894EDFBEC0B2DFD89,SHA256=AD0B09B4BE3B61D4E085C874CDA4AD54C06529A446B3BF90852A54281E438246,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169877Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.111{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.0.csMD5=6C07E96280D95B04B32B1A9C202569D7,SHA256=156F662BE30B207066B8795BC36A09EF76F06AF9F9D452953B048A13777B49D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169876Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.111{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.cmdlineMD5=5BAA05097BCDA35D41569A8452579ADE,SHA256=8AF3CCEBB7A8A78F42258F6AA8FDF87C93BC2B22072218D35EDDC04BF8B40E44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169875Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.111{D8DCB3A2-A290-60D0-5110-00000000D001}4004ATTACKRANGE\AdministratorC:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\Administrator\AppData\Local\Temp\1o5xmfri\CSCE9893A8CA0B545F38070CA12B2BB138.TMPMD5=92F60683899F011D7AADC8A2C51F86CD,SHA256=44A63CB49F24A6724FB31DE71D10F8293BD22459A1272907B0B8E3CD3680454A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000169874Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:41.111{D8DCB3A2-A290-60D0-5110-00000000D001}4004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.dll2021-06-21 14:30:40.986 23542300x8000000000000000169873Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.111{D8DCB3A2-A290-60D0-5110-00000000D001}4004ATTACKRANGE\AdministratorC:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.dllMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169872Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.111{D8DCB3A2-A290-60D0-5110-00000000D001}4004ATTACKRANGE\AdministratorC:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exeC:\Users\ADMINI~1\AppData\Local\Temp\RES497D.tmpMD5=4B977E0BA4C0FF8D9C619FE23F453E10,SHA256=CE8F1063137A1B77916433FA71615860EA203DF01AF42C038283070E801BBD81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000169871Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.095{D8DCB3A2-A291-60D0-5210-00000000D001}4428ATTACKRANGE\AdministratorC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exeC:\Users\ADMINI~1\AppData\Local\Temp\RES497D.tmpMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000169870Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.095{D8DCB3A2-A28F-60D0-4D10-00000000D001}58485632C:\Windows\system32\conhost.exe{D8DCB3A2-A291-60D0-5210-00000000D001}4428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169869Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.095{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169868Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.095{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169867Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.095{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169866Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.095{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A291-60D0-5210-00000000D001}4428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169865Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.095{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169864Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.095{D8DCB3A2-A290-60D0-5110-00000000D001}40046120C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe{D8DCB3A2-A291-60D0-5210-00000000D001}4428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+b46d|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3db4|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+3f2c|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+4002|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+27b2|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+2804|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorpehost.dll+2948|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+7fe06|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+4726f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+45e1f|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+45b16|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+45826|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+1938a|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+18bf6|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+a831|C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe+1f0a49|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000169863Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.101{D8DCB3A2-A291-60D0-5210-00000000D001}4428C:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe14.10.25028.0 built by: VCTOOLSD15RTMMicrosoft® Resource File To COFF Object Conversion UtilityMicrosoft® .NET FrameworkMicrosoft CorporationCVTRES.EXEC:\Windows\Microsoft.NET\Framework64\v4.0.30319\cvtres.exe /NOLOGO /READONLY /MACHINE:IX86 "/OUT:C:\Users\ADMINI~1\AppData\Local\Temp\RES497D.tmp" "c:\Users\Administrator\AppData\Local\Temp\1o5xmfri\CSCE9893A8CA0B545F38070CA12B2BB138.TMP"C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=C877CBB966EA5939AA2A17B6A5160950,SHA256=1FE531EAC592B480AA4BD16052B909C3431434F17E7AE163D248355558CE43A6,IMPHASH=55D76ADE7FFEA0F41FF2B55505C2B362{D8DCB3A2-A290-60D0-5110-00000000D001}4004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.cmdline" 10341000x8000000000000000169862Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.017{D8DCB3A2-A28F-60D0-4D10-00000000D001}58485632C:\Windows\system32\conhost.exe{D8DCB3A2-A290-60D0-5110-00000000D001}4004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169861Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.017{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169860Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.017{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169859Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.017{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169858Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.017{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000169857Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.017{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A290-60D0-5110-00000000D001}4004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000169856Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.017{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A290-60D0-5110-00000000D001}4004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+384146|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2be405|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2be05f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2bdb80|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2bdb08|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2bc1c3|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+7d8e81|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+7d86ac|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+7d81aa|UNKNOWN(00007FFDBEE3141B) 154100x8000000000000000169855Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:40.999{D8DCB3A2-A290-60D0-5110-00000000D001}4004C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe4.8.3761.0 built by: NET48REL1Visual C# Command Line CompilerMicrosoft® .NET FrameworkMicrosoft Corporationcsc.exe"C:\Windows\Microsoft.NET\Framework64\v4.0.30319\csc.exe" /noconfig /fullpaths @"C:\Users\Administrator\AppData\Local\Temp\1o5xmfri\1o5xmfri.cmdline"C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=23EE3D381CFE3B9F6229483E2CE2F9E1,SHA256=4240A12E0B246C9D69AF1F697488FE7DA1B497DF20F4A6F95135B4D5FE180A57,IMPHASH=EE1E569AD02AA1F7AECA80AC0601D80D{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 23542300x8000000000000000170272Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.845{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DCC3096D9EFD3845983CF0BA0148A0D,SHA256=7C4041FBFB0D09FB6E0C1665897571D932A1C0DA57CE86FE63A25FEBF330065E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170271Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.720{D8DCB3A2-A291-60D0-5910-00000000D001}5896ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170270Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.705{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1236B41EA0459244365A6572A104642C,SHA256=42211067F332757D2AE35686EBF1E0E834258934AEF37B19E3DBA211FBA3D18B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170269Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.705{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=39C9E538FE17214644553BF52B2E16E1,SHA256=692FDAECC02BEA951454FA6217ADA80302D8AA79EC73D59A378F28A610F678F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170268Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.705{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=54C3688FA626D93D31FE0F78C1A727E4,SHA256=4F459C7E4E7ADD749A9B0732152B0461FE8CBDAD6F514B69B7A8783434903ACD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170267Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.689{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A292-60D0-7410-00000000D001}5452C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170266Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.627{D8DCB3A2-4532-60D0-0A00-00000000D001}6162812C:\Windows\system32\services.exe{D8DCB3A2-A292-60D0-7410-00000000D001}5452C:\Windows\System32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170265Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.627{D8DCB3A2-4534-60D0-1000-00000000D001}4123824C:\Windows\system32\svchost.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|c:\windows\system32\es.dll+14045|c:\windows\system32\es.dll+200bc|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000170264Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.627{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178be|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170263Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.627{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178be|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170262Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.627{D8DCB3A2-4534-60D0-1000-00000000D001}4123824C:\Windows\system32\svchost.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|c:\windows\system32\es.dll+14045|c:\windows\system32\es.dll+200bc|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000170261Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.627{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178be|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170260Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.627{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178be|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170259Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.627{D8DCB3A2-4534-60D0-1000-00000000D001}4123824C:\Windows\system32\svchost.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|c:\windows\system32\es.dll+14045|c:\windows\system32\es.dll+200bc|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000170258Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178be|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170257Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178be|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170256Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A292-60D0-7410-00000000D001}5452C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170255Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4532-60D0-0A00-00000000D001}616708C:\Windows\system32\services.exe{D8DCB3A2-A292-60D0-7410-00000000D001}5452C:\Windows\System32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170254Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170253Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170252Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170251Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170250Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4534-60D0-1000-00000000D001}4123824C:\Windows\system32\svchost.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|c:\windows\system32\es.dll+14045|c:\windows\system32\es.dll+200bc|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000170249Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178be|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170248Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.611{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1ecba|C:\Windows\SYSTEM32\samsrv.dll+5df1|C:\Windows\SYSTEM32\samsrv.dll+5cf2|C:\Windows\SYSTEM32\samsrv.dll+178be|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170247Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170246Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.595{D8DCB3A2-4532-60D0-0A00-00000000D001}6162812C:\Windows\system32\services.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170245Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.548{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=C5D79128EC634DFD2B8FF5415F4151FD,SHA256=1C69D7B228C73ECE08A88934B17ECFE20658FE528F63F76F301F68BD1869B766,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170244Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.533{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=86D2A043B21F4859E368AF3B8D48C256,SHA256=C55852D2F0F01E013748DE04AE46983199293C5BE3F3573C4CE76C045B014FED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170243Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.533{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=86D2A043B21F4859E368AF3B8D48C256,SHA256=C55852D2F0F01E013748DE04AE46983199293C5BE3F3573C4CE76C045B014FED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170242Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.533{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\DNS ServerMD5=E26ED9F510A201C5243A6376D6192CDA,SHA256=DA389BA1ECC636F994DF721DC9111FEB30E29F393BB0C605D534955598EA323B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170241Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.533{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=2B5DA130FD36CEC5EA0D2F9A55BEE144,SHA256=06CFC98F1FAF7ECE329CB1E2E543BEBAC029D30D7BC1D2B2C47AD16DEFCEF695,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170240Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170239Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170238Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170237Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.517{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170236Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.517{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170235Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.517{D8DCB3A2-4532-60D0-0A00-00000000D001}616708C:\Windows\system32\services.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170234Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.518{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\System32\VSSVC.exe10.0.14393.4350 (rs1_release.210407-2154)Microsoft® Volume Shadow Copy ServiceMicrosoft® Windows® Operating SystemMicrosoft CorporationVSSVC.EXEC:\Windows\system32\vssvc.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=C417EA0DC7EF39347AB3AFC6D9CE0A3C,SHA256=198E5F8976CB3643D7D0709793CD49F8565AEEAC7871389255C7560F497F99CB,IMPHASH=B933B302F069B1ED43D97EAA68CD7B05{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\System32\services.exeC:\Windows\system32\services.exe 354300x8000000000000000170233Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:41.129{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50782-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000170232Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.502{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170231Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170230Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.502{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170229Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.502{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170228Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.486{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170227Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.486{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170226Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.486{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170225Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.252{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170224Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.252{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170223Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.220{D8DCB3A2-A118-60D0-CC0F-00000000D001}956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=536F90675D9745E5B2CE6D1A8727C2A5,SHA256=42C03B2FD5EAB9EBDFD44E3E382BBA48FD1BAF003197FBAD6E391BD3213C43D8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170222Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.205{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170221Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.205{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000170220Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:42.142{D8DCB3A2-A291-60D0-5910-00000000D001}5896\PSHost.132687594414909256.5896.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 23542300x8000000000000000170219Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.142{D8DCB3A2-A291-60D0-5910-00000000D001}5896ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_io02thq1.m0h.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170218Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.142{D8DCB3A2-A291-60D0-5910-00000000D001}5896ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_sjrhtaja.5kn.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170217Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.080{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=CB9DE90E1EBB821F75FBE48645DB8A85,SHA256=E5E5B618A0B6A6794ECEACF06421031DC4060D317B00392A880DC527F84A098F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000170216Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.017{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_sjrhtaja.5kn.ps12021-06-21 14:30:42.017 10341000x8000000000000000170215Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.002{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A291-60D0-5910-00000000D001}5896C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170277Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:43.861{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3A9CBED1350B95CF14BA7D1794919013,SHA256=5F0B5ADF7F2BC3E0128D5C8C69EADE842ACEFC0BACF41A083689AC36F3D15288,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170276Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:43.705{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=48F66C3E7A8AB7ECCA2C2886E8A8E716,SHA256=EF4C35BB6083B1E29454D87F751E8EDF9ADCF62E9EDDD89846277470A3AEEAE6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170275Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:43.705{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=39C9E538FE17214644553BF52B2E16E1,SHA256=692FDAECC02BEA951454FA6217ADA80302D8AA79EC73D59A378F28A610F678F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170274Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:43.595{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D0AC09CB65EBE50E891F2483AEBD9479,SHA256=E43A86C4F21928FFFA31C5D95140E14AA477FB5663F592280259C906697357CF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000170273Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:42.176{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50783-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000170281Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:44.877{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F869BA260712473A14EFA238922C000C,SHA256=4F7B471EB39C6FC1033ECD06903F6B40BBBBF5F991C577525EA59EAF32FB40EF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170280Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:44.799{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000170279Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:44.783{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000170278Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:44.783{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000170283Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:45.908{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7208F0403E17634BA01FF410B6B1A74,SHA256=344E42127D1DE894DB610A2DB6001FC54853997A710C4A1BF8C3D275AA4F1FC9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170282Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:45.830{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=0FC21993440F9097D484DB2CD2766938,SHA256=3E16F19F19D3AC41069A48564793D9DFD72F8FD4F28332989849CFDFD994F851,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000170291Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:46.814{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\FDResPub\ServiceData\FirstStartBinary Data 10341000x8000000000000000170290Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.595{D8DCB3A2-4532-60D0-0A00-00000000D001}6162812C:\Windows\system32\services.exe{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170289Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170288Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.595{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170287Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.595{D8DCB3A2-4532-60D0-0A00-00000000D001}616708C:\Windows\system32\services.exe{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\system32\svchost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d248|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170286Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170285Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170284Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.595{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170297Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:47.830{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=962EAC84FC0ADB595E86E03D666137A4,SHA256=C01F37A54C9D06401815837CA053436F6FD6F06137224F085FEFE17C44445AB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170296Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:47.611{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0873264AEC9FE21A4F82F9D7285D891A,SHA256=865B15A0161215AF989D8F95FBB15C5CA30E83A475B7B5015AC65F50A32E5FA5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170295Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:47.330{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000170294Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:47.314{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000170293Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:47.314{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000170292Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:47.064{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=896469C532C0B910BE021D61638CA04B,SHA256=5F947E9DDB697969873E73C85D3CC81902CA103C3E3AC284B135CDE076B207FE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000170335Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:47.145{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50784-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 354300x8000000000000000170334Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.802{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse10.0.1.14win-dc-385.attackrange.local65456-false239.255.255.250-3702ws-discovery 354300x8000000000000000170333Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.802{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local65457-trueff02:0:0:0:0:0:0:c-3702ws-discovery 354300x8000000000000000170332Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.802{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudpfalsefalse239.255.255.250-3702ws-discoveryfalse127.0.0.1-65456- 354300x8000000000000000170331Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.802{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruefalse127.0.0.1-65456-false239.255.255.250-3702ws-discovery 354300x8000000000000000170330Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.802{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudpfalsetrueff02:0:0:0:0:0:0:c-3702ws-discoverytrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local65457- 354300x8000000000000000170329Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:46.802{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\System32\svchost.exeNT AUTHORITY\LOCAL SERVICEudptruetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local65457-trueff02:0:0:0:0:0:0:c-3702ws-discovery 23542300x8000000000000000170328Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.330{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=5D7D63EBE477E799D68B3921F53DC18F,SHA256=D94F7BD7EE2EE540BB1B6C4B50AE085DC59914F5EDA113B2FEAF179844A2DCB4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170327Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.205{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=346643DD1E2F3F9FDCFC14C8D9DDEFFF,SHA256=65BC45A3350F47ADE4F613DA89E33FAB1304A43553EED0248AF154EBB2C0344A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170326Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.095{D8DCB3A2-45EA-60D0-9700-00000000D001}43085212C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41968|C:\Windows\system32\windows.cortana.Desktop.dll+16557|C:\Windows\system32\windows.cortana.Desktop.dll+12d9b|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x8000000000000000170325Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.095{D8DCB3A2-45EA-60D0-9700-00000000D001}43085212C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.Desktop.dll+418c2|C:\Windows\system32\windows.cortana.Desktop.dll+41680|C:\Windows\system32\windows.cortana.Desktop.dll+92dc|C:\Windows\system32\windows.cortana.Desktop.dll+12d31|C:\Windows\system32\windows.cortana.Desktop.dll+15c7|C:\Windows\system32\windows.cortana.Desktop.dll+44bd|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x8000000000000000170324Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.095{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565992C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170323Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.095{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565992C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170322Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.095{D8DCB3A2-45EA-60D0-9700-00000000D001}43084296C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\execmodelclient.dll+8e62|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000170321Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.095{D8DCB3A2-45EA-60D0-9700-00000000D001}43084296C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\execmodelclient.dll+8d5e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000170320Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.080{D8DCB3A2-45EA-60D0-9700-00000000D001}43085212C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+1a962|C:\Windows\system32\windows.cortana.onecore.dll+16e12|C:\Windows\system32\windows.cortana.onecore.dll+16d5b|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d 10341000x8000000000000000170319Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.080{D8DCB3A2-45EA-60D0-9700-00000000D001}43085212C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\system32\windows.cortana.onecore.dll+1a8c3|C:\Windows\system32\windows.cortana.onecore.dll+6198|C:\Windows\system32\windows.cortana.onecore.dll+16cb1|C:\Windows\system32\windows.cortana.onecore.dll+1537|C:\Windows\system32\windows.cortana.onecore.dll+4a2d|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x8000000000000000170318Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.080{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564952C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000170317Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.080{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564952C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000170316Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565796C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170315Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565796C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170314Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565796C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170313Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0D00-00000000D001}896924C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170312Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0D00-00000000D001}896924C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170311Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0D00-00000000D001}896924C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170310Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0D00-00000000D001}896924C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170309Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0D00-00000000D001}896924C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170308Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0D00-00000000D001}896924C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170307Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170306Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a384|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170305Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170304Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170303Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170302Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170301Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170300Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170299Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.064{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563904C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170298Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:48.048{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563904C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170339Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:49.861{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000170338Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:49.845{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000170337Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:49.845{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000170336Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:49.095{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B712875F973A9128C78C7E800AA1F74,SHA256=D6C4309DA3B2D745D2E74D8C414A3D08375B3D30A1D257C2EF3C754B169CA711,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170342Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:50.845{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=C00512BE1778BDD6CF474927396CBAEC,SHA256=65197E80F4224C657A795CE59BB274E6457CBAA82AAF0D48A7505D5B89D777E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170341Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:50.595{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=5472CC95B39509138E961BBFA1D3E1F4,SHA256=1CC3439D78CE5D01F2F35630843B321595AF029EA309432BDE7BFB0AF1EF38FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170340Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:50.252{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0E9D7B86EE4B4EF64FFB73C57C44A53F,SHA256=A8E0DF487A8D7C705636384C9E20825EA66C8A2ADDB4CDFB7BE8933AE7A091F4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170358Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.923{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7710-00000000D001}4888C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170357Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.923{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7710-00000000D001}4888C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170356Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.673{D8DCB3A2-A29B-60D0-7710-00000000D001}48882584C:\Windows\system32\conhost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170355Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.658{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A29B-60D0-7710-00000000D001}4888C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170354Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170353Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170352Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170351Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170350Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.658{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170349Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.658{D8DCB3A2-A28F-60D0-4C10-00000000D001}53883240C:\Windows\System32\cscript.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170348Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.663{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe10.0.14393.0 (rs1_release.160715-1616)Network Command ShellMicrosoft® Windows® Operating SystemMicrosoft Corporationnetsh.exe"C:\Windows\System32\netsh.exe" advfirewall firewall set rule group="Network Discovery" new enable=YesC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=4D51BCD0B94D09F5DFB80DF754D31E28,SHA256=E5888E649C881E4BBBCE472F6808F93B2B5564D3094995A5A08E66B2406C1607,IMPHASH=51DC8B92EF1620527201E5276E21BCA7{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 23542300x8000000000000000170347Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.330{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=467679DA65EA84C275180C1140333DC6,SHA256=D01DBCE20CC0AA0D57E1B39CEDAB0B9A787A92CEE620950E402DC1DCB9106816,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170346Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.189{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564952C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000170345Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.189{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564952C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000170344Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.189{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563904C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170343Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:51.189{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563904C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x8000000000000000170661Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-rtlsupport-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170660Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-registry-l2-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170659Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-registry-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170658Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-realtime-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170657Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-profile-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170656Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processtopology-obsolete-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170655Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processthreads-l1-1-2.dll2021-06-21 14:30:52.986 11241100x8000000000000000170654Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processthreads-l1-1-1.dll2021-06-21 14:30:52.986 11241100x8000000000000000170653Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processthreads-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170652Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processenvironment-l1-2-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170651Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processenvironment-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170650Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-privateprofile-l1-1-1.dll2021-06-21 14:30:52.986 11241100x8000000000000000170649Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-privateprofile-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170648Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-namedpipe-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170647Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-memory-l1-1-2.dll2021-06-21 14:30:52.986 11241100x8000000000000000170646Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-memory-l1-1-1.dll2021-06-21 14:30:52.986 11241100x8000000000000000170645Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-memory-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170644Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-localization-obsolete-l1-2-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170643Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-localization-l1-2-1.dll2021-06-21 14:30:52.986 11241100x8000000000000000170642Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-localization-l1-2-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170641Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-libraryloader-l1-1-1.dll2021-06-21 14:30:52.970 11241100x8000000000000000170640Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-libraryloader-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170639Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Core-Kernel32-Private-L1-1-1.dll2021-06-21 14:30:52.970 11241100x8000000000000000170638Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Core-Kernel32-Private-L1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170637Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-kernel32-legacy-l1-1-1.dll2021-06-21 14:30:52.970 11241100x8000000000000000170636Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-kernel32-legacy-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170635Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-io-l1-1-1.dll2021-06-21 14:30:52.970 11241100x8000000000000000170634Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-io-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170633Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-interlocked-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170632Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170631Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-heap-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170630Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-handle-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170629Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-file-l2-1-1.dll2021-06-21 14:30:52.970 11241100x8000000000000000170628Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-file-l2-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170627Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-file-l1-2-1.dll2021-06-21 14:30:52.970 11241100x8000000000000000170626Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-file-l1-2-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170625Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-file-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170624Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-fibers-l1-1-1.dll2021-06-21 14:30:52.970 11241100x8000000000000000170623Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-fibers-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170622Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-errorhandling-l1-1-1.dll2021-06-21 14:30:52.970 11241100x8000000000000000170621Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-errorhandling-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170620Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-delayload-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170619Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-debug-l1-1-1.dll2021-06-21 14:30:52.970 11241100x8000000000000000170618Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.970{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-debug-l1-1-0.dll2021-06-21 14:30:52.970 11241100x8000000000000000170617Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-datetime-l1-1-1.dll2021-06-21 14:30:52.955 11241100x8000000000000000170616Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-datetime-l1-1-0.dll2021-06-21 14:30:52.955 11241100x8000000000000000170615Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-console-l1-1-0.dll2021-06-21 14:30:52.955 11241100x8000000000000000170614Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-comm-l1-1-0.dll2021-06-21 14:30:52.955 11241100x8000000000000000170613Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-com-l1-1-0.dll2021-06-21 14:30:52.955 11241100x8000000000000000170612Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-base-util-l1-1-0.dll2021-06-21 14:30:52.955 11241100x8000000000000000170611Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\WimProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170610Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\VhdProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170609Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\UnattendProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170608Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\TransmogProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170607Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\SmiProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170606Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\ProvProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170605Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\OSProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170604Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\OfflineSetupProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170603Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\MsiProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170602Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\LogProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170601Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\IntlProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170600Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\ImagingProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170599Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\IBSProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170598Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\GenericProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170597Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\FolderProvider.dll2021-06-21 14:30:52.955 11241100x8000000000000000170596Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.955{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\FfuProvider.dll2021-06-21 14:30:52.939 11241100x8000000000000000170595Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.939{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DmiProvider.dll2021-06-21 14:30:52.939 11241100x8000000000000000170594Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.923{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismProv.dll2021-06-21 14:30:52.923 11241100x8000000000000000170593Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localEXE2021-06-21 14:30:52.923{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismHost.exe2021-06-21 14:30:52.923 11241100x8000000000000000170592Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.923{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismCorePS.dll2021-06-21 14:30:52.923 11241100x8000000000000000170591Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.923{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismCore.dll2021-06-21 14:30:52.923 11241100x8000000000000000170590Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.923{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\CompatProvider.dll2021-06-21 14:30:52.923 11241100x8000000000000000170589Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.923{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\CbsProvider.dll2021-06-21 14:30:52.923 11241100x8000000000000000170588Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.923{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\AssocProvider.dll2021-06-21 14:30:52.923 11241100x8000000000000000170587Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.923{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\AppxProvider.dll2021-06-21 14:30:52.923 10341000x8000000000000000170586Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.720{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170585Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.720{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170584Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.689{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9313EBEB6CCC9CFD0153A56178607C92,SHA256=D84FBDF722112E3A18D99D3A61CDB13363A9A59E6B5FED6C933D9A627705852A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170583Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.689{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170582Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.689{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170581Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.673{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A145FD54AC6ADFB149FF11D4C889EA44,SHA256=34E63C7BCDAFF7EE79BE1175CE4BB5D0DFD2C92655A782E088AD76A44E44871B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170580Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.673{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=59FFDAA2545076E4EE6AD42F1712529F,SHA256=8A2A7FB37B873A0612E0CB4BC53C5659D4214A20FDDA4A0B36835833E5947FF0,IMPHASH=00000000000000000000000000000000falsetrue 17141700x8000000000000000170579Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:52.673{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900\PSHost.132687594525543645.1900.DefaultAppDomain.powershellC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe 10341000x8000000000000000170578Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8910-00000000D001}5052C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170577Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8910-00000000D001}5052C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170576Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-A29C-60D0-8910-00000000D001}50525232C:\Windows\system32\conhost.exe{D8DCB3A2-A29C-60D0-8810-00000000D001}2016C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170575Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_afvpgqsa.jrx.psm1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170574Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170573Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170572Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170571Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170570Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8910-00000000D001}5052C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x8000000000000000170569Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.658{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_sn45i0pb.v0g.ps1MD5=D17FE0A3F47BE24A6453E9EF58C94641,SHA256=96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170568Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.642{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8810-00000000D001}2016C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170567Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.642{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A29C-60D0-8810-00000000D001}2016C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+384146|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c4809|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c4179|UNKNOWN(00007FFDBEE47F80) 154100x8000000000000000170566Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.655{D8DCB3A2-A29C-60D0-8810-00000000D001}2016C:\Windows\System32\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exe"net.exe" viewC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=C6B6DAA95CEA707F8D986D933E4A9596,SHA256=FDDC5F29F779A6EF73D70A2C551397FDEE63F549F2BCE4FE6A7AEEDC11F4F72E,IMPHASH=C41B15F592DE4589047CE5119CE87468{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 23542300x8000000000000000170565Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.642{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6F600957A19FE3FC6104717798F9C474,SHA256=4D6A64E008BD440E4894D7B151E22556F28428C6DB63B5DB4DEBA202B38FEB15,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170564Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.627{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8710-00000000D001}5144C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170563Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.627{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8710-00000000D001}5144C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x8000000000000000170562Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.627{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Temp\__PSScriptPolicyTest_sn45i0pb.v0g.ps12021-06-21 14:30:52.627 10341000x8000000000000000170561Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.627{D8DCB3A2-A29C-60D0-8710-00000000D001}5144500C:\Windows\system32\conhost.exe{D8DCB3A2-A29C-60D0-8610-00000000D001}1696C:\Windows\System32\arp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170560Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170559Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170558Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170557Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.627{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170556Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042088C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8710-00000000D001}5144C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170555Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170554Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8510-00000000D001}1444C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170553Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8510-00000000D001}1444C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170552Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8410-00000000D001}5604C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170551Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8310-00000000D001}2292C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170550Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8310-00000000D001}2292C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170549Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-8410-00000000D001}5604C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170548Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042088C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8610-00000000D001}1696C:\Windows\System32\arp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170547Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A29C-60D0-8610-00000000D001}1696C:\Windows\System32\arp.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+384146|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c4809|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c4179|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c01b0|UNKNOWN(00007FFDBEE47C66) 154100x8000000000000000170546Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.611{D8DCB3A2-A29C-60D0-8610-00000000D001}1696C:\Windows\System32\ARP.EXE10.0.14393.0 (rs1_release.160715-1616)TCP/IP Arp CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationarp.exe"arp" -aC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=1E065F9F13F4A59292BE9B2EC513D7A6,SHA256=CCA1F962F9435330C556F07A1745D743AD7ACAD7561C4C79420B0BF16C8E1D0A,IMPHASH=B3077D4D25C0193C09E23EF3AC7B070E{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000170545Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-A29C-60D0-8510-00000000D001}14443228C:\Windows\system32\conhost.exe{D8DCB3A2-A29C-60D0-8210-00000000D001}2632C:\Windows\System32\icacls.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170544Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-A29C-60D0-8410-00000000D001}56045304C:\Windows\system32\conhost.exe{D8DCB3A2-A29C-60D0-8110-00000000D001}4344C:\Windows\System32\icacls.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170543Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-A29C-60D0-8310-00000000D001}22926020C:\Windows\system32\conhost.exe{D8DCB3A2-A29C-60D0-8010-00000000D001}5564C:\Windows\System32\icacls.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170542Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7F10-00000000D001}3280C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170541Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7F10-00000000D001}3280C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170540Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8510-00000000D001}1444C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170539Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042088C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8410-00000000D001}5604C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170538Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170537Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8310-00000000D001}2292C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170536Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170535Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170534Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170533Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-A29C-60D0-7F10-00000000D001}32802144C:\Windows\system32\conhost.exe{D8DCB3A2-A29C-60D0-7E10-00000000D001}5904C:\Windows\System32\mountvol.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170532Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170531Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170530Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170529Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170528Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170527Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170526Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8210-00000000D001}2632C:\Windows\System32\icacls.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170525Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170524Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8110-00000000D001}4344C:\Windows\System32\icacls.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170523Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170522Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885180C:\Windows\System32\cscript.exe{D8DCB3A2-A29C-60D0-8210-00000000D001}2632C:\Windows\System32\icacls.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170521Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-A28F-60D0-4C10-00000000D001}53884172C:\Windows\System32\cscript.exe{D8DCB3A2-A29C-60D0-8110-00000000D001}4344C:\Windows\System32\icacls.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170520Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.592{D8DCB3A2-A29C-60D0-8210-00000000D001}2632C:\Windows\System32\icacls.exe10.0.14393.0 (rs1_release.160715-1616)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\System32\icacls.exe" "C:*" /grant Everyone:F /T /C /QC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=0F7E1625009A0C00A9D9809694FC5831,SHA256=0CA4AFF87EED104E2277C0E38B292CD32950DAD6A233C791F798EA75AE28DEEC,IMPHASH=03499A3871CAFF2E334ECA403D23FE9A{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 154100x8000000000000000170519Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.591{D8DCB3A2-A29C-60D0-8110-00000000D001}4344C:\Windows\System32\icacls.exe10.0.14393.0 (rs1_release.160715-1616)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\System32\icacls.exe" "Z:*" /grant Everyone:F /T /C /QC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=0F7E1625009A0C00A9D9809694FC5831,SHA256=0CA4AFF87EED104E2277C0E38B292CD32950DAD6A233C791F798EA75AE28DEEC,IMPHASH=03499A3871CAFF2E334ECA403D23FE9A{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000170518Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-8010-00000000D001}5564C:\Windows\System32\icacls.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170517Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-A28F-60D0-4C10-00000000D001}53884324C:\Windows\System32\cscript.exe{D8DCB3A2-A29C-60D0-8010-00000000D001}5564C:\Windows\System32\icacls.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170516Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.591{D8DCB3A2-A29C-60D0-8010-00000000D001}5564C:\Windows\System32\icacls.exe10.0.14393.0 (rs1_release.160715-1616)-Microsoft® Windows® Operating SystemMicrosoft CorporationiCACLS.EXE"C:\Windows\System32\icacls.exe" "D:*" /grant Everyone:F /T /C /QC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=0F7E1625009A0C00A9D9809694FC5831,SHA256=0CA4AFF87EED104E2277C0E38B292CD32950DAD6A233C791F798EA75AE28DEEC,IMPHASH=03499A3871CAFF2E334ECA403D23FE9A{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000170515Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-7F10-00000000D001}3280C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170514Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170513Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170512Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170511Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170510Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-7E10-00000000D001}5904C:\Windows\System32\mountvol.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170509Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.580{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A29C-60D0-7E10-00000000D001}5904C:\Windows\System32\mountvol.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000170508Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.585{D8DCB3A2-A29C-60D0-7E10-00000000D001}5904C:\Windows\System32\mountvol.exe10.0.14393.0 (rs1_release.160715-1616)Mount Volume UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationMOUNTVOL.EXE"C:\Windows\System32\mountvol.exe" A: \\?\Volume{dfd6b7a8-0000-0000-0000-100000000000}\C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=E343A47AD45B4F959CA483FF84BA4922,SHA256=CE3C232D94FF7940D89F4D5F4888BD19A1E9D71BD6EC9A50715E785400C84652,IMPHASH=E94BE7B41039B13C11D44EF457A7493F{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000170507Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.564{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7D10-00000000D001}5088C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170506Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.564{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7D10-00000000D001}5088C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170505Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.564{D8DCB3A2-A29C-60D0-7D10-00000000D001}50885600C:\Windows\system32\conhost.exe{D8DCB3A2-A29C-60D0-7C10-00000000D001}5852C:\Windows\System32\mountvol.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170504Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.564{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7B10-00000000D001}1460C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170503Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.564{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7B10-00000000D001}1460C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170502Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.564{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-7D10-00000000D001}5088C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170501Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.564{D8DCB3A2-A29C-60D0-7B10-00000000D001}14604412C:\Windows\system32\conhost.exe{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170500Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170499Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170498Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170497Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170496Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-7C10-00000000D001}5852C:\Windows\System32\mountvol.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170495Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A29C-60D0-7C10-00000000D001}5852C:\Windows\System32\mountvol.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+384146|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c4809|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c4179|UNKNOWN(00007FFDBEE45717) 154100x8000000000000000170494Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.561{D8DCB3A2-A29C-60D0-7C10-00000000D001}5852C:\Windows\System32\mountvol.exe10.0.14393.0 (rs1_release.160715-1616)Mount Volume UtilityMicrosoft® Windows® Operating SystemMicrosoft CorporationMOUNTVOL.EXE"mountvol.exe"C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=E343A47AD45B4F959CA483FF84BA4922,SHA256=CE3C232D94FF7940D89F4D5F4888BD19A1E9D71BD6EC9A50715E785400C84652,IMPHASH=E94BE7B41039B13C11D44EF457A7493F{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000170493Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-7B10-00000000D001}1460C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 13241300x8000000000000000170492Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1088SetValue2021-06-21 14:30:52.548{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeHKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\LocalAccountTokenFilterPolicyDWORD (0x00000001) 10341000x8000000000000000170491Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170490Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170489Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170488Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170487Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170486Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.548{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000170485Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.554{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe10.0.14393.206 (rs1_release.160915-0644)Windows PowerShellMicrosoft® Windows® Operating SystemMicrosoft CorporationPowerShell.EXE"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Enable-WindowsOptionalFeature -Online -FeatureName SMB1ProtocolC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=097CE5761C89434367598B34FE32893B,SHA256=BA4038FD20E474C047BE8AAD5BFACDB1BFC1DDBE12F803F473B7918D8D819436,IMPHASH=CAEE994F79D85E47C06E5FA9CDEAE453{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 13241300x8000000000000000170484Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000698) 13241300x8000000000000000170483Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-NB_Session-In-TCPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=139|App=System|Name=@FirewallAPI.dll,-28503|Desc=@FirewallAPI.dll,-28506|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170482Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170481Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000697) 13241300x8000000000000000170480Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-NB_Session-Out-TCPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=139|App=System|Name=@FirewallAPI.dll,-28507|Desc=@FirewallAPI.dll,-28510|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170479Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170478Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000696) 13241300x8000000000000000170477Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-SMB-In-TCPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=445|App=System|Name=@FirewallAPI.dll,-28511|Desc=@FirewallAPI.dll,-28514|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170476Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170475Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000695) 13241300x8000000000000000170474Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-SMB-Out-TCPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|RPort=445|App=System|Name=@FirewallAPI.dll,-28515|Desc=@FirewallAPI.dll,-28518|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170473Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170472Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000694) 13241300x8000000000000000170471Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-NB_Name-In-UDPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=137|App=System|Name=@FirewallAPI.dll,-28519|Desc=@FirewallAPI.dll,-28522|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170470Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170469Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000693) 13241300x8000000000000000170468Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-NB_Name-Out-UDPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=137|App=System|Name=@FirewallAPI.dll,-28523|Desc=@FirewallAPI.dll,-28526|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170467Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170466Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000692) 13241300x8000000000000000170465Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-NB_Datagram-In-UDPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=138|App=System|Name=@FirewallAPI.dll,-28527|Desc=@FirewallAPI.dll,-28530|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170464Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170463Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000691) 13241300x8000000000000000170462Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-NB_Datagram-Out-UDPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=138|App=System|Name=@FirewallAPI.dll,-28531|Desc=@FirewallAPI.dll,-28534|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170461Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170460Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000690) 13241300x8000000000000000170459Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.533{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-SpoolSvc-In-TCPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=RPC|App=%%SystemRoot%%\system32\spoolsv.exe|Svc=Spooler|Name=@FirewallAPI.dll,-28535|Desc=@FirewallAPI.dll,-28538|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170458Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170457Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000068f) 13241300x8000000000000000170456Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-RPCSS-In-TCPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|Profile=Domain|Profile=Private|Profile=Public|LPort=RPC-EPMap|Svc=Rpcss|Name=@FirewallAPI.dll,-28539|Desc=@FirewallAPI.dll,-28542|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170455Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170454Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000068e) 13241300x8000000000000000170453Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-ICMP4-ERQ-Inv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=1|Profile=Domain|Profile=Private|Profile=Public|ICMP4=8:*|Name=@FirewallAPI.dll,-28543|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170452Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170451Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000068d) 13241300x8000000000000000170450Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-ICMP4-ERQ-Outv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=1|Profile=Domain|Profile=Private|Profile=Public|ICMP4=8:*|Name=@FirewallAPI.dll,-28544|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170449Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170448Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000068c) 13241300x8000000000000000170447Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-ICMP6-ERQ-Inv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=128:*|Name=@FirewallAPI.dll,-28545|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170446Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170445Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000068b) 13241300x8000000000000000170444Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-ICMP6-ERQ-Outv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=58|Profile=Domain|Profile=Private|Profile=Public|ICMP6=128:*|Name=@FirewallAPI.dll,-28546|Desc=@FirewallAPI.dll,-28547|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170443Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170442Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000068a) 13241300x8000000000000000170441Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-LLMNR-In-UDPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28548|Desc=@FirewallAPI.dll,-28549|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170440Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}12602056C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170439Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000689) 13241300x8000000000000000170438Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\FPS-LLMNR-Out-UDPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|Profile=Domain|Profile=Private|Profile=Public|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-28550|Desc=@FirewallAPI.dll,-28551|EmbedCtxt=@FirewallAPI.dll,-28502| 10341000x8000000000000000170437Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.517{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170436Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.455{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170435Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.455{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170434Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.408{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A125-60D0-0310-00000000D001}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000170433Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.392{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A125-60D0-0310-00000000D001}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000170432Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.392{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A125-60D0-0310-00000000D001}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 10341000x8000000000000000170431Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.392{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000170430Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.377{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000170429Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.377{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 10341000x8000000000000000170428Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.361{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7910-00000000D001}5812C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170427Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.361{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29C-60D0-7910-00000000D001}5812C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170426Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.361{D8DCB3A2-A29C-60D0-7910-00000000D001}58124788C:\Windows\system32\conhost.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170425Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.330{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-7910-00000000D001}5812C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170424Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.330{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170423Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.330{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170422Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.330{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170421Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.330{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170420Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.330{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170419Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.330{D8DCB3A2-A28F-60D0-4C10-00000000D001}53883380C:\Windows\System32\cscript.exe{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+d102e|C:\Windows\System32\shcore.dll+33fad|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170418Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.334{D8DCB3A2-A29C-60D0-7810-00000000D001}5380C:\Windows\System32\netsh.exe10.0.14393.0 (rs1_release.160715-1616)Network Command ShellMicrosoft® Windows® Operating SystemMicrosoft Corporationnetsh.exe"C:\Windows\System32\netsh.exe" advfirewall firewall set rule group="File and Printer Sharing" new enable=YesC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=4D51BCD0B94D09F5DFB80DF754D31E28,SHA256=E5888E649C881E4BBBCE472F6808F93B2B5564D3094995A5A08E66B2406C1607,IMPHASH=51DC8B92EF1620527201E5276E21BCA7{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 13241300x8000000000000000170417Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000688) 13241300x8000000000000000170416Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-UPnPHost-In-TCPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=2869|App=System|Name=@FirewallAPI.dll,-32761|Desc=@FirewallAPI.dll,-32764|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170415Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}12605448C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170414Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000687) 13241300x8000000000000000170413Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-UPnPHost-Out-TCPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=2869|App=System|Name=@FirewallAPI.dll,-32765|Desc=@FirewallAPI.dll,-32768|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170412Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}12605448C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170411Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000686) 13241300x8000000000000000170410Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-NB_Name-In-UDPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=137|App=System|Name=@FirewallAPI.dll,-32769|Desc=@FirewallAPI.dll,-32772|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170409Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}12605448C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170408Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000685) 13241300x8000000000000000170407Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.314{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-NB_Name-Out-UDPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=137|App=System|Name=@FirewallAPI.dll,-32773|Desc=@FirewallAPI.dll,-32776|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170406Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}12605448C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170405Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000684) 13241300x8000000000000000170404Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-NB_Datagram-In-UDPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=138|App=System|Name=@FirewallAPI.dll,-32777|Desc=@FirewallAPI.dll,-32780|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170403Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}12605448C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170402Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000683) 13241300x8000000000000000170401Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-NB_Datagram-Out-UDPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=138|App=System|Name=@FirewallAPI.dll,-32781|Desc=@FirewallAPI.dll,-32784|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170400Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}12605448C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170399Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000682) 13241300x8000000000000000170398Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-WSDEVNTS-In-TCPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5358|App=System|Name=@FirewallAPI.dll,-32813|Desc=@FirewallAPI.dll,-32814|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170397Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170396Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000681) 13241300x8000000000000000170395Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-WSDEVNTS-Out-TCPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=5358|App=System|Name=@FirewallAPI.dll,-32815|Desc=@FirewallAPI.dll,-32816|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170394Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170393Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000680) 13241300x8000000000000000170392Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-WSDEVNT-In-TCPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=6|LPort=5357|App=System|Name=@FirewallAPI.dll,-32817|Desc=@FirewallAPI.dll,-32818|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170391Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170390Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000067f) 13241300x8000000000000000170389Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-WSDEVNT-Out-TCPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=5357|App=System|Name=@FirewallAPI.dll,-32819|Desc=@FirewallAPI.dll,-32820|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170388Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170387Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.298{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000067e) 13241300x8000000000000000170386Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-SSDPSrv-In-UDPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32753|Desc=@FirewallAPI.dll,-32756|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170385Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170384Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000067d) 13241300x8000000000000000170383Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-SSDPSrv-Out-UDPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=1900|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=Ssdpsrv|Name=@FirewallAPI.dll,-32757|Desc=@FirewallAPI.dll,-32760|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170382Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170381Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000067c) 13241300x8000000000000000170380Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-UPnP-Out-TCPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=6|RPort=2869|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=upnphost|Name=@FirewallAPI.dll,-32821|Desc=@FirewallAPI.dll,-32822|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170379Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170378Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000067b) 13241300x8000000000000000170377Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-FDPHOST-In-UDPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32785|Desc=@FirewallAPI.dll,-32788|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170376Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170375Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x0000067a) 13241300x8000000000000000170374Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-FDPHOST-Out-UDPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=fdphost|Name=@FirewallAPI.dll,-32789|Desc=@FirewallAPI.dll,-32792|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170373Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170372Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000679) 13241300x8000000000000000170371Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-LLMNR-In-UDPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32801|Desc=@FirewallAPI.dll,-32804|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170370Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170369Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000678) 13241300x8000000000000000170368Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-LLMNR-Out-UDPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=5355|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=dnscache|Name=@FirewallAPI.dll,-32805|Desc=@FirewallAPI.dll,-32808|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170367Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}12605448C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170366Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000677) 13241300x8000000000000000170365Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-FDRESPUB-WSD-In-UDPv2.26|Action=Allow|Active=TRUE|Dir=In|Protocol=17|LPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32809|Desc=@FirewallAPI.dll,-32810|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170364Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 13241300x8000000000000000170363Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Epoch\EpochDWORD (0x00000676) 13241300x8000000000000000170362Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exeHKLM\System\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\NETDIS-FDRESPUB-WSD-Out-UDPv2.26|Action=Allow|Active=TRUE|Dir=Out|Protocol=17|RPort=3702|RA4=LocalSubnet|RA6=LocalSubnet|App=%%SystemRoot%%\system32\svchost.exe|Svc=fdrespub|Name=@FirewallAPI.dll,-32811|Desc=@FirewallAPI.dll,-32812|EmbedCtxt=@FirewallAPI.dll,-32752| 10341000x8000000000000000170361Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.283{D8DCB3A2-4534-60D0-1500-00000000D001}12601296C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\fwbase.dll+1594|c:\windows\system32\fwbase.dll+13f6|c:\windows\system32\mpssvc.dll+2fc35|c:\windows\system32\mpssvc.dll+2fb4e|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170360Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.173{D8DCB3A2-4534-60D0-1600-00000000D001}13042000C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170359Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.173{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29B-60D0-7610-00000000D001}2368C:\Windows\System32\netsh.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000170770Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.207{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50785-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000170769Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.705{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29D-60D0-8D10-00000000D001}5544C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+5112|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170768Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.689{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170767Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.689{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170766Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.689{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170765Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.689{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170764Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.689{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042088C:\Windows\system32\csrss.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170763Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.689{D8DCB3A2-A29D-60D0-8D10-00000000D001}55445780C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+660c|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170762Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.696{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A29D-60D0-8D10-00000000D001}5544C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000170761Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.689{D8DCB3A2-A29D-60D0-8D10-00000000D001}55445780C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+5112|C:\Program Files\Mozilla Firefox\firefox.exe+10f9|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170760Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564952C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000170759Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564952C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000170758Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170757Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565992C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170756Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565992C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170755Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170754Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-4534-60D0-1200-00000000D001}7561088C:\Windows\System32\svchost.exe{D8DCB3A2-A29D-60D0-8D10-00000000D001}5544C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\pcasvc.dll+52e4|c:\windows\system32\pcasvc.dll+58a9|c:\windows\system32\pcasvc.dll+5b49|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170753Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-4534-60D0-1200-00000000D001}7561088C:\Windows\System32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1440C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\pcasvc.dll+5bab|c:\windows\system32\pcasvc.dll+5b07|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170752Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170751Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170750Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170749Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170748Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A29D-60D0-8D10-00000000D001}5544C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170747Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.673{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564652C:\Windows\Explorer.EXE{D8DCB3A2-A29D-60D0-8D10-00000000D001}5544C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\windows.storage.dll+94c4a|C:\Windows\System32\windows.storage.dll+94a02|C:\Windows\System32\SHELL32.dll+3f98d|C:\Windows\System32\SHELL32.dll+3e526|C:\Windows\System32\SHELL32.dll+802b1|C:\Windows\System32\SHELL32.dll+6724e|C:\Windows\System32\windows.storage.dll+11a32|C:\Windows\System32\windows.storage.dll+11729|C:\Windows\System32\windows.storage.dll+115ff|C:\Windows\System32\SHELL32.dll+80337|C:\Windows\System32\SHELL32.dll+6724e|C:\Windows\System32\SHLWAPI.dll+e1f7 154100x8000000000000000170746Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.672{D8DCB3A2-A29D-60D0-8D10-00000000D001}5544C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" C:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\explorer.exeC:\Windows\Explorer.EXE /NOUACCHECK 10341000x8000000000000000170745Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170744Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170743Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170742Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.595{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000170741Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.486{D8DCB3A2-A29D-60D0-8C10-00000000D001}34801992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 23542300x8000000000000000170740Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.439{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D16E6FE95CECA01A20FD524A48285C2,SHA256=69E2AB41F8C069DBFBF5B4FFC1DBA8BE4481F90CC37334A46C9D8B79066F476C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170739Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.392{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8C10-00000000D001}3480C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170738Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.392{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170737Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.392{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170736Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.392{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170735Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.392{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170734Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.392{D8DCB3A2-4532-60D0-0500-00000000D001}408524C:\Windows\system32\csrss.exe{D8DCB3A2-A29D-60D0-8C10-00000000D001}3480C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170733Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.392{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8C10-00000000D001}3480C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+36349|c:\windows\system32\rpcss.dll+3bb32|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170732Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.390{D8DCB3A2-A29D-60D0-8C10-00000000D001}3480C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe10.0.14393.4222 (rs1_release.210113-1739)Windows Modules Installer WorkerMicrosoft® Windows® Operating SystemMicrosoft CorporationTiWorker.exeC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe -EmbeddingC:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=1571A4132449A317F66DF783E9468783,SHA256=5CFF48937FAE7F0CF5935248959141E2A60E88FE8105C43676B866FDAC36ADD2,IMPHASH=38FF53C1CCC1EE4C508C0F83A88C4E19{D8DCB3A2-4533-60D0-0C00-00000000D001}828C:\Windows\System32\svchost.exeC:\Windows\system32\svchost.exe -k DcomLaunch 10341000x8000000000000000170731Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.377{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170730Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4532-60D0-0A00-00000000D001}6162812C:\Windows\system32\services.exe{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\services.exe+1713f|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170729Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170728Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170727Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170726Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170725Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170724Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4532-60D0-0A00-00000000D001}616708C:\Windows\system32\services.exe{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|C:\Windows\system32\services.exe+307d|C:\Windows\system32\services.exe+6334|C:\Windows\system32\services.exe+dc24|C:\Windows\system32\services.exe+d3ee|C:\Windows\system32\services.exe+4d0c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170723Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.369{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exe10.0.14393.3564 (rs1_release.200303-1942)Windows Modules InstallerMicrosoft® Windows® Operating SystemMicrosoft CorporationTrustedInstaller.exeC:\Windows\servicing\TrustedInstaller.exeC:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=187076E4BC7B2F5FB7D54D1234B3CDEA,SHA256=7AE4CC64E2F0E5C58ABB6542233DA78B9AEAAD22C9D853AB96265EF3FBFEFABE,IMPHASH=648F735E453FC6802BFAECAC5ACA72A4{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\System32\services.exeC:\Windows\system32\services.exe 10341000x8000000000000000170722Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+10d9e|C:\Windows\system32\lsasrv.dll+1d1e8|C:\Windows\system32\lsasrv.dll+1c411|C:\Windows\system32\lsasrv.dll+1ac30|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170721Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170720Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170719Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.361{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-4532-60D0-0A00-00000000D001}616C:\Windows\system32\services.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+1a18d|C:\Windows\system32\lsasrv.dll+2706b|C:\Windows\SYSTEM32\SspiSrv.dll+1467|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170718Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.283{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=5DB0F197785408DE9F362CC1B04242BE,SHA256=1DDE7451A445A78DB3CF91A921F2795CB048073C4ED86C63D9DB9447F66EEA38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170717Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.283{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=C2EAA904A76124AA22F8B0DB6FBB8F93,SHA256=E8982CFB219D6F66D5230354A9E73BED174917251F1A9734DCA3C923577533BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170716Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.080{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FED2D6D6D997E1576A28E7DF33517677,SHA256=692CC8D0110ED64AE2D04E571A123913BD0C8C4179551F4C9BA3738A4E1B25B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170715Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.049{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D41450471D3438B33A335DFA05FAE70B,SHA256=50ABF025D2F3085373FDDDE44E158DE1D7A52DB95AC00F04166366F0E376B5BD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170714Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.033{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8A10-00000000D001}4184C:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\dismhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170713Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.033{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A29D-60D0-8A10-00000000D001}4184C:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\dismhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170712Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.033{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170711Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.033{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170710Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.033{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170709Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.033{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170708Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.033{D8DCB3A2-A29C-60D0-7A10-00000000D001}19005028C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe{D8DCB3A2-A29D-60D0-8A10-00000000D001}4184C:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\dismhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\SYSTEM32\Dism\DismCore.dll+273f6|C:\Windows\SYSTEM32\Dism\DismCore.dll+8eaa|C:\Windows\SYSTEM32\Dism\DismCore.dll+58d4|C:\Windows\SYSTEM32\dismapi.dll+55381|C:\Windows\SYSTEM32\dismapi.dll+2c46a|C:\Windows\SYSTEM32\dismapi.dll+25f06|C:\Windows\SYSTEM32\dismapi.dll+24ceb|C:\Windows\SYSTEM32\dismapi.dll+2466f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170707Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:53.034{D8DCB3A2-A29D-60D0-8A10-00000000D001}4184C:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismHost.exe10.0.14393.4169 (rs1_release.210107-1130)Dism Host Servicing ProcessMicrosoft® Windows® Operating SystemMicrosoft CorporationDismHost.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\dismhost.exe {4CC5A7BB-BA1F-444D-9C0B-A1AD590AF8AC}C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=A59C22B77871CC18970038B7FA43826F,SHA256=CB84B51713BAD689ABB96560E57A71B276D4B28B1C09C7116EE85F5782A1B144,IMPHASH=734010D3430DBD2CA51B599924FE1424{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol 11241100x8000000000000000170706Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-winsvc-l1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170705Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-private-l1-1-1.dll2021-06-21 14:30:53.017 11241100x8000000000000000170704Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-private-l1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170703Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-management-l2-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170702Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-management-l1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170701Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-core-l1-1-1.dll2021-06-21 14:30:53.017 11241100x8000000000000000170700Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-core-l1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170699Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-security-sddl-l1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170698Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-security-provider-L1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170697Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-security-lsapolicy-l1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170696Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Security-Lsalookup-L2-1-1.dll2021-06-21 14:30:53.017 11241100x8000000000000000170695Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Security-Lsalookup-L2-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170694Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-security-cryptoapi-l1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170693Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-security-base-l1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170692Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-EventLog-Legacy-L1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170691Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Eventing-Provider-L1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170690Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Eventing-Legacy-L1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170689Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Eventing-Controller-L1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170688Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.017{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-eventing-consumer-l1-1-0.dll2021-06-21 14:30:53.017 11241100x8000000000000000170687Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170686Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-devices-config-L1-1-1.dll2021-06-21 14:30:53.002 11241100x8000000000000000170685Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-devices-config-L1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170684Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-xstate-l2-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170683Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-xstate-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170682Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-wow64-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170681Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-version-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170680Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-util-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170679Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-url-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170678Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-timezone-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170677Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-threadpool-private-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170676Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-threadpool-legacy-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170675Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-threadpool-l1-2-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170674Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-sysinfo-l1-2-1.dll2021-06-21 14:30:53.002 11241100x8000000000000000170673Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-sysinfo-l1-2-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170672Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-sysinfo-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170671Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-synch-l1-2-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170670Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-synch-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170669Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-stringloader-l1-1-1.dll2021-06-21 14:30:53.002 11241100x8000000000000000170668Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-stringansi-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170667Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-string-obsolete-l1-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170666Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:53.002{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-string-l2-1-0.dll2021-06-21 14:30:53.002 11241100x8000000000000000170665Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-string-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170664Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-shutdown-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170663Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-shlwapi-obsolete-l1-1-0.dll2021-06-21 14:30:52.986 11241100x8000000000000000170662Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDLL2021-06-21 14:30:52.986{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-shlwapi-legacy-l1-1-0.dll2021-06-21 14:30:52.986 10341000x8000000000000000170796Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.986{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170795Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.986{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170794Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.971{D8DCB3A2-A29D-60D0-8E10-00000000D001}43884472C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170793Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.971{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170792Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.971{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170791Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.971{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170790Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.971{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042088C:\Windows\system32\csrss.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170789Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.971{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170788Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.971{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885196C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+25e534|C:\Program Files\Mozilla Firefox\xul.dll+1215769|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170787Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.979{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4388.0.525549771\900183314" -parentBuildID 20210614221319 -prefsHandle 1492 -prefMapHandle 1484 -prefsLen 1 -prefMapSize 238512 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4388 "\\.\pipe\gecko-crash-server-pipe.4388" 1540 gpuC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000170786Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:54.971{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.0.52554977C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170785Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:54.971{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\gecko-crash-server-pipe.4388C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170784Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.939{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000170783Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.923{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000170782Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.923{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000170781Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.892{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\cookies.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170780Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.845{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\parent.lockMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170779Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.798{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170778Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.798{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170777Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.798{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000170776Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:52.652{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-385.attackrange.local138netbios-dgmfalse10.0.1.14win-dc-385.attackrange.local138netbios-dgm 13241300x8000000000000000170775Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localTamper-WinlogonSetValue2021-06-21 14:30:54.767{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exeHKLM\System\CurrentControlSet\Control\Winlogon\Notifications\Components\TrustedInstaller\Events(Empty) 13241300x8000000000000000170774Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localTamper-WinlogonSetValue2021-06-21 14:30:54.627{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exeHKLM\System\CurrentControlSet\Control\Winlogon\Notifications\Components\TrustedInstaller\EventsCreateSession 23542300x8000000000000000170773Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.470{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=584F9A378B48A22822BE4CDC41E6FE91,SHA256=BCC28505B56781E651C65613578DCCEB3577C511BF642178CEC7DB25C08E55CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170772Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.392{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=0750BFE61C8E818D32144E19C520C21F,SHA256=44087E7F25CC0FB19E163F7A70BC7B53A1BF579B4FF6CCE9D940C2D2C8A73EC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170771Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.048{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A145FD54AC6ADFB149FF11D4C889EA44,SHA256=34E63C7BCDAFF7EE79BE1175CE4BB5D0DFD2C92655A782E088AD76A44E44871B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171020Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.990{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=39024D660220B7CD3962EC3C48A022D0,SHA256=036B866208AE5C2FA243A3F3B019A00D9F3457D30BCE895CD14BC3BBBD0E03BC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171019Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.921{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 10341000x8000000000000000171018Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.921{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 10341000x8000000000000000171017Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.890{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+16b4912|C:\Program Files\Mozilla Firefox\xul.dll+1698773|C:\Program Files\Mozilla Firefox\xul.dll+179446d|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841 10341000x8000000000000000171016Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.890{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 10341000x8000000000000000171015Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.890{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 354300x8000000000000000171014Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.838{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcpfalsefalse127.0.0.1-50788-false127.0.0.1-50787- 354300x8000000000000000171013Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.838{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse127.0.0.1-50788-false127.0.0.1-50787- 354300x8000000000000000171012Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.332{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50786-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 354300x8000000000000000171011Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:54.332{D8DCB3A2-4544-60D0-2700-00000000D001}2860C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50786-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 23542300x8000000000000000171010Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.870{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A3870BE59E783BA9D0FA4BBCA2C1AD4,SHA256=E217E18260C70D7ED5BDDEFE813F5FF167DDDA580AD60D6911C2F213475DAD1E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171009Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000171008Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000171007Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000171006Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000171005Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000171004Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000171003Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000171002Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000171001Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000171000Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.837{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000170999Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.822{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000170998Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.822{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000170997Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.822{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000170996Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.822{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000170995Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.822{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000170994Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.822{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000170993Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.822{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Program Files\Mozilla Firefox\xul.dll+3c68ee|C:\Program Files\Mozilla Firefox\xul.dll+3fd1a|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f 10341000x8000000000000000170992Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.806{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+1359129|C:\Program Files\Mozilla Firefox\xul.dll+1154d52|C:\Program Files\Mozilla Firefox\xul.dll+da5f1a|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170991Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.774{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885244C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+121816c|C:\Program Files\Mozilla Firefox\xul.dll+1321541|C:\Program Files\Mozilla Firefox\xul.dll+1f85e1|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+4117c|C:\Program Files\Mozilla Firefox\xul.dll+3f5ef|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170990Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.753{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 18141800x8000000000000000170989Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.753{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.19.201220929C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170988Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.753{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.18.180179091C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170987Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.753{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.17.52600894C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170986Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.753{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.15.81224850C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170985Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.753{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.16.124321088C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170984Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.753{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.14.49076790C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170983Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.737{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.6076.3.214579641C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170982Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.737{D8DCB3A2-A29F-60D0-9110-00000000D001}6076\chrome.6076.3.214579641C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170981Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.737{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170980Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.737{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000170979Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.722{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.6076.2.18111847C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170978Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.722{D8DCB3A2-A29F-60D0-9110-00000000D001}6076\chrome.6076.2.18111847C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170977Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.722{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.6076.1.11314706C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170976Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.722{D8DCB3A2-A29F-60D0-9110-00000000D001}6076\chrome.6076.1.11314706C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170975Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.722{D8DCB3A2-A29F-60D0-9110-00000000D001}6076\chrome.6076.0.141957256C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170974Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.722{D8DCB3A2-A29F-60D0-9110-00000000D001}6076\chrome.6076.0.141957256C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170973Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.722{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170972Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.722{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170971Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.722{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4C79B34ECC580EB27B7284F9B75BE34F,SHA256=5A1B791F065E888219DD4050E4B01DE54E220F7DEEA1EDB0F47C3201CD1F4D4D,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170970Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170969Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170968Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170967Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170966Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170965Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170964Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170963Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170962Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170961Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170960Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170959Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.706{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170958Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.690{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+12e2659|C:\Program Files\Mozilla Firefox\xul.dll+29dfb84|C:\Program Files\Mozilla Firefox\xul.dll+12bdf42|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+da22ae|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000170957Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.690{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\cubeb-pipe-4388-1C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170956Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.690{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\cubeb-pipe-4388-1C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000170955Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.690{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6BAB78D2F4211C4364B1FF187657A7D5,SHA256=7C5D943811910255B87816B37EC96A52C8C55597C23F14E739A1AC957A958C2F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170954Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.675{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170953Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.675{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000170952Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.675{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.13.41162526C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170951Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.675{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885256C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000170950Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.675{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\gecko-crash-server-pipe.4388C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170949Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.669{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170948Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.653{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000170947Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.637{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=A3EADF5A7DFBF3636F5289D62A6883BF,SHA256=58CBC5DE1AD925AB6349C3C90A2F50B2377984131ED4A4640C21C4B2B3275BCD,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170946Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170945Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 23542300x8000000000000000170944Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170943Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170942Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170941Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170940Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170939Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170938Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170937Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170936Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170935Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000170934Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.622{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+3c5393|C:\Program Files\Mozilla Firefox\xul.dll+e17fc5|C:\Program Files\Mozilla Firefox\xul.dll+e17981|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 23542300x8000000000000000170933Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.606{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170932Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.606{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A16B7BA60494E9738EC1372201681242,SHA256=822A489EE825677D6FFF9E0C925EF849B71752B6E49E71D151610800151C4087,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170931Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.606{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D20D246280499A25E64A6E6A321C4F8D,SHA256=424F9316E13A117511320AECED9945C1DFFA4BCB7A6978F59A67F7FA31C7D908,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170930Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.590{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170929Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.575{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170928Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.575{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2e6ae4|C:\Program Files\Mozilla Firefox\xul.dll+46bedce|UNKNOWN(000001C79D934AE0) 10341000x8000000000000000170927Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.575{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2e6ae4|C:\Program Files\Mozilla Firefox\xul.dll+46bedce|UNKNOWN(000001C79D934AE0) 10341000x8000000000000000170926Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.572{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000170925Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.537{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.19.201220929C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170924Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.537{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.18.180179091C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170923Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.537{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305da1|C:\Program Files\Mozilla Firefox\xul.dll+1866c31|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000170922Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.537{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.17.52600894C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170921Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ca1|C:\Program Files\Mozilla Firefox\xul.dll+1866a4e|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000170920Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.16.124321088C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170919Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ba1|C:\Program Files\Mozilla Firefox\xul.dll+1866894|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000170918Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.15.81224850C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170917Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305aa1|C:\Program Files\Mozilla Firefox\xul.dll+18666d5|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 17141700x8000000000000000170916Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.14.49076790C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170915Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d4540|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3 10341000x8000000000000000170914Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+12b151f|C:\Program Files\Mozilla Firefox\xul.dll+1470a2d|C:\Program Files\Mozilla Firefox\xul.dll+29d44e5|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862 10341000x8000000000000000170913Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c 10341000x8000000000000000170912Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+29d41de|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000170911Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+29d41d3|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862 10341000x8000000000000000170910Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+29d41d3|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862 10341000x8000000000000000170909Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+29d4155|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+5382b5|C:\Program Files\Mozilla Firefox\xul.dll+4d4276|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+489e97|C:\Program Files\Mozilla Firefox\xul.dll+1c7286c|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba 10341000x8000000000000000170908Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43884472C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170907Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170906Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170905Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170904Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170903Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170902Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.522{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885196C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+4325b|C:\Program Files\Mozilla Firefox\firefox.exe+24808|C:\Program Files\Mozilla Firefox\xul.dll+cff80a|C:\Program Files\Mozilla Firefox\xul.dll+12158e4|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170901Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.529{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4388.13.411625263\321067842" -childID 2 -isForBrowser -prefsHandle 3328 -prefMapHandle 3324 -prefsLen 6104 -prefMapSize 238512 -parentBuildID 20210614221319 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4388 "\\.\pipe\gecko-crash-server-pipe.4388" 3232 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2LowMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000170900Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.506{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.13.41162526C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000170899Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.506{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170898Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.506{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000170897Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.506{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170896Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.408{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f85e|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2df4450|C:\Program Files\Mozilla Firefox\xul.dll+37af281|C:\Program Files\Mozilla Firefox\xul.dll+37aedf2|C:\Program Files\Mozilla Firefox\xul.dll+151bb3c|C:\Program Files\Mozilla Firefox\xul.dll+151b5be|C:\Program Files\Mozilla Firefox\xul.dll+252dca|C:\Program Files\Mozilla Firefox\xul.dll+288621|C:\Program Files\Mozilla Firefox\xul.dll+e59810 10341000x8000000000000000170895Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.408{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f837|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2df4450|C:\Program Files\Mozilla Firefox\xul.dll+37af281|C:\Program Files\Mozilla Firefox\xul.dll+37aedf2|C:\Program Files\Mozilla Firefox\xul.dll+151bb3c|C:\Program Files\Mozilla Firefox\xul.dll+151b5be|C:\Program Files\Mozilla Firefox\xul.dll+252dca|C:\Program Files\Mozilla Firefox\xul.dll+288621|C:\Program Files\Mozilla Firefox\xul.dll+e59810 10341000x8000000000000000170894Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.408{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f80c|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+2da143f|C:\Program Files\Mozilla Firefox\xul.dll+2da32fc|C:\Program Files\Mozilla Firefox\xul.dll+28b8d0|C:\Program Files\Mozilla Firefox\xul.dll+2df4450|C:\Program Files\Mozilla Firefox\xul.dll+37af281|C:\Program Files\Mozilla Firefox\xul.dll+37aedf2|C:\Program Files\Mozilla Firefox\xul.dll+151bb3c|C:\Program Files\Mozilla Firefox\xul.dll+151b5be|C:\Program Files\Mozilla Firefox\xul.dll+252dca|C:\Program Files\Mozilla Firefox\xul.dll+288621|C:\Program Files\Mozilla Firefox\xul.dll+e59810 10341000x8000000000000000170893Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.408{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170892Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.408{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885244C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+121816c|C:\Program Files\Mozilla Firefox\xul.dll+1321541|C:\Program Files\Mozilla Firefox\xul.dll+1f85e1|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+4117c|C:\Program Files\Mozilla Firefox\xul.dll+3f5ef|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000170891Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.12.54294924C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170890Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.11.25263314C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170889Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.10.166740878C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170888Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.8.30396275C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170887Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.9.108104756C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170886Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.7.117011890C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170885Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.392{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170884Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.392{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170883Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+12e2659|C:\Program Files\Mozilla Firefox\xul.dll+29dfb84|C:\Program Files\Mozilla Firefox\xul.dll+12bdf42|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+da22ae|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000170882Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\cubeb-pipe-4388-0C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170881Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\cubeb-pipe-4388-0C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170880Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.392{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.108.3.182427386C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170879Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.392{D8DCB3A2-A29F-60D0-9010-00000000D001}108\chrome.108.3.182427386C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170878Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.392{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170877Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.377{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000170876Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.377{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.108.2.51242058C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170875Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.377{D8DCB3A2-A29F-60D0-9010-00000000D001}108\chrome.108.2.51242058C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170874Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.377{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.108.1.41364609C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170873Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.377{D8DCB3A2-A29F-60D0-9010-00000000D001}108\chrome.108.1.41364609C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170872Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.377{D8DCB3A2-A29F-60D0-9010-00000000D001}108\chrome.108.0.140206045C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170871Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.377{D8DCB3A2-A29F-60D0-9010-00000000D001}108\chrome.108.0.140206045C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170870Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.361{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170869Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.361{D8DCB3A2-4532-60D0-0B00-00000000D001}624664C:\Windows\system32\lsass.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170868Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.330{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 10341000x8000000000000000170867Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.330{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 10341000x8000000000000000170866Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.330{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+17a392|UNKNOWN(000001C79D933DFF) 10341000x8000000000000000170865Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.330{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+f722a|C:\Program Files\Mozilla Firefox\xul.dll+3b429f8|C:\Program Files\Mozilla Firefox\xul.dll+147941|C:\Program Files\Mozilla Firefox\xul.dll+147898|C:\Program Files\Mozilla Firefox\xul.dll+146c2ee|C:\Program Files\Mozilla Firefox\xul.dll+13f72f|C:\Program Files\Mozilla Firefox\xul.dll+199f0a1|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+150682|C:\Program Files\Mozilla Firefox\xul.dll+3c3440c|C:\Program Files\Mozilla Firefox\xul.dll+3b256af|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+14a4c90 10341000x8000000000000000170864Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.330{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170863Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.330{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000170862Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.330{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.6.140074599C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170861Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.314{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885256C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000170860Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.314{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\gecko-crash-server-pipe.4388C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170859Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.283{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2bbef01|C:\Program Files\Mozilla Firefox\xul.dll+2bbee09|C:\Program Files\Mozilla Firefox\xul.dll+2c83ac5|C:\Program Files\Mozilla Firefox\xul.dll+2c80a8c|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084 10341000x8000000000000000170858Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.283{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 10341000x8000000000000000170857Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.283{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565796C:\Windows\Explorer.EXE{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170856Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.267{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170855Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.267{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170854Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.267{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170853Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.267{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170852Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.252{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 17141700x8000000000000000170851Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.12.54294924C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170850Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.236{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420\chrome.5420.0.205493087C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170849Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.236{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420\chrome.5420.0.205493087C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170848Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.11.25263314C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170847Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305da1|C:\Program Files\Mozilla Firefox\xul.dll+1866c31|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 17141700x8000000000000000170846Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.10.166740878C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170845Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ca1|C:\Program Files\Mozilla Firefox\xul.dll+1866a4e|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 17141700x8000000000000000170844Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.9.108104756C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170843Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ba1|C:\Program Files\Mozilla Firefox\xul.dll+1866894|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 17141700x8000000000000000170842Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.8.30396275C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170841Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305aa1|C:\Program Files\Mozilla Firefox\xul.dll+18666d5|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 17141700x8000000000000000170840Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.7.117011890C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170839Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d4540|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed|C:\Program Files\Mozilla Firefox\xul.dll+3b146d4|C:\Program Files\Mozilla Firefox\xul.dll+1055ba 10341000x8000000000000000170838Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+12b151f|C:\Program Files\Mozilla Firefox\xul.dll+1470a2d|C:\Program Files\Mozilla Firefox\xul.dll+29d44e5|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed 10341000x8000000000000000170837Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143 10341000x8000000000000000170836Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+29d41de|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed|C:\Program Files\Mozilla Firefox\xul.dll+3b146d4 10341000x8000000000000000170835Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.220{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+29d41d3|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed 10341000x8000000000000000170834Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.220{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+29d4155|C:\Program Files\Mozilla Firefox\xul.dll+29d37bc|C:\Program Files\Mozilla Firefox\xul.dll+29d6263|C:\Program Files\Mozilla Firefox\xul.dll+1a72799|C:\Program Files\Mozilla Firefox\xul.dll+1a6d1f7|C:\Program Files\Mozilla Firefox\xul.dll+590245|C:\Program Files\Mozilla Firefox\xul.dll+58fdc1|C:\Program Files\Mozilla Firefox\xul.dll+2eca145|C:\Program Files\Mozilla Firefox\xul.dll+28bd3c|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+1076ed|C:\Program Files\Mozilla Firefox\xul.dll+3b146d4|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1076ed 10341000x8000000000000000170833Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.220{D8DCB3A2-A29D-60D0-8E10-00000000D001}43884472C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170832Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.220{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170831Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.220{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170830Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.220{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170829Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.220{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170828Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.220{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000170827Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.220{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885196C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+4325b|C:\Program Files\Mozilla Firefox\firefox.exe+24808|C:\Program Files\Mozilla Firefox\xul.dll+cff80a|C:\Program Files\Mozilla Firefox\xul.dll+12158e4|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000170826Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.224{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4388.6.1400745994\2030650508" -childID 1 -isForBrowser -prefsHandle 2084 -prefMapHandle 2080 -prefsLen 515 -prefMapSize 238512 -parentBuildID 20210614221319 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4388 "\\.\pipe\gecko-crash-server-pipe.4388" 2096 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2LowMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000170825Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.205{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.6.140074599C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170824Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f85e|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f 10341000x8000000000000000170823Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f837|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f 10341000x8000000000000000170822Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+2c2f80c|C:\Program Files\Mozilla Firefox\xul.dll+57f02d|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0|C:\Program Files\Mozilla Firefox\xul.dll+54b006|C:\Program Files\Mozilla Firefox\xul.dll+7a7c2e|C:\Program Files\Mozilla Firefox\xul.dll+2111146|C:\Program Files\Mozilla Firefox\xul.dll+27446f 18141800x8000000000000000170821Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.4.152412275C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170820Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.5.76138571C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170819Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+130565f|C:\Program Files\Mozilla Firefox\xul.dll+1865196|C:\Program Files\Mozilla Firefox\xul.dll+57ee7f|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0 17141700x8000000000000000170818Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.5.76138571C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170817Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+13054bf|C:\Program Files\Mozilla Firefox\xul.dll+1864ff1|C:\Program Files\Mozilla Firefox\xul.dll+57ee77|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0 17141700x8000000000000000170816Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.4.152412275C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170815Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.3.90938915C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170814Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+130531f|C:\Program Files\Mozilla Firefox\xul.dll+1864dea|C:\Program Files\Mozilla Firefox\xul.dll+57ee6f|C:\Program Files\Mozilla Firefox\xul.dll+57df7f|C:\Program Files\Mozilla Firefox\xul.dll+57dd6a|C:\Program Files\Mozilla Firefox\xul.dll+2c7d717|C:\Program Files\Mozilla Firefox\xul.dll+2db1c33|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db1006|C:\Program Files\Mozilla Firefox\xul.dll+2db384d|C:\Program Files\Mozilla Firefox\xul.dll+28b07d|C:\Program Files\Mozilla Firefox\xul.dll+28a74e|C:\Program Files\Mozilla Firefox\xul.dll+1a71fd0 17141700x8000000000000000170813Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.189{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.3.90938915C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000170812Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.142{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420\chrome.4388.1.20324401C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000170811Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.033{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000170810Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.033{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+1282d98|C:\Program Files\Mozilla Firefox\xul.dll+13053ef|C:\Program Files\Mozilla Firefox\xul.dll+186537b|C:\Program Files\Mozilla Firefox\xul.dll+1863986|C:\Program Files\Mozilla Firefox\xul.dll+1192d84|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000170809Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.033{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.2.82172962C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170808Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.033{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.2.82172962C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000170807Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:55.033{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.1.20324401C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170806Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.002{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170805Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.002{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170804Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.002{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+163fd|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d6162|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170803Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.002{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+19ab3|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170802Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.002{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170801Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.002{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000170800Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.002{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000170799Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.002{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420\chrome.4388.0.52554977C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000170798Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.002{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885256C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000170797Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:55.002{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420\gecko-crash-server-pipe.4388C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000171136Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.676{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMudpfalsefalse10.0.1.255ip-10-0-1-255.eu-central-1.compute.internal137netbios-nsfalse10.0.1.14win-dc-385.attackrange.local137netbios-ns 354300x8000000000000000171135Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.676{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-385.attackrange.local137netbios-nsfalse10.0.1.255ip-10-0-1-255.eu-central-1.compute.internal137netbios-ns 354300x8000000000000000171134Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.481{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50792-false143.204.98.36server-143-204-98-36.fra50.r.cloudfront.net443https 354300x8000000000000000171133Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.428{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50791-false34.107.221.8282.221.107.34.bc.googleusercontent.com80http 354300x8000000000000000171132Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.409{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50790-false13.224.195.103server-13-224-195-103.fra2.r.cloudfront.net443https 354300x8000000000000000171131Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.394{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50789-false34.107.221.8282.221.107.34.bc.googleusercontent.com80http 23542300x8000000000000000171130Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.889{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171129Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.805{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d8e0d7|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed 10341000x8000000000000000171128Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.805{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 10341000x8000000000000000171127Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.805{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d8e0d7|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed 10341000x8000000000000000171126Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.805{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 23542300x8000000000000000171125Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.705{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61CF2EE02A1711A497FBA9C557A2532E,SHA256=2BD5C81877B1D3D905343BF2311022B5063AB3BF35C6FB26F2130C7656498B54,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171124Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.590{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5F6A3182B048D81DFE57CD71EE1B57A8,SHA256=CCCA7C74D66468F1BF5F3035FB52F9BC0400B6195F496DA5774349367074DAF2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171123Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.574{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885244C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+121816c|C:\Program Files\Mozilla Firefox\xul.dll+1321541|C:\Program Files\Mozilla Firefox\xul.dll+1f85e1|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+4117c|C:\Program Files\Mozilla Firefox\xul.dll+3f5ef|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000171122Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.574{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.26.94703991C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171121Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.574{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.25.153038511C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171120Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.574{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.24.75302786C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171119Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.574{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.22.118835346C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171118Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.574{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.23.77036058C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171117Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.574{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.21.100376671C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171116Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.572{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171115Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.571{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000171114Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.552{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.5192.2.87329775C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171113Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.552{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192\chrome.5192.2.87329775C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171112Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.552{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.5192.1.66162711C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171111Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.552{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192\chrome.5192.1.66162711C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171110Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.552{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192\chrome.5192.0.40060852C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171109Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.552{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192\chrome.5192.0.40060852C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171108Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.552{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171107Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.552{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171106Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.521{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+12e2659|C:\Program Files\Mozilla Firefox\xul.dll+29dfb84|C:\Program Files\Mozilla Firefox\xul.dll+12bdf42|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+da22ae|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000171105Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.521{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\cubeb-pipe-4388-2C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171104Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.521{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\cubeb-pipe-4388-2C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171103Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.521{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171102Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.521{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000171101Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.505{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.20.53120032C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171100Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.505{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885256C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000171099Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:30:56.505{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\gecko-crash-server-pipe.4388C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000171098Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.421{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\search.json.mozlz4MD5=EDC2299EBA84E99AF7C7438ECB7A6CF4,SHA256=CF230F5192B5F53B410CB948B49A0BE09FAD7E80B9125E0D4F348C12C12BC9B2,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000171097Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.084{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388cs9.wac.phicdn.net9501-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171096Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.084{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388cs9.wac.phicdn.net093.184.220.29;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171095Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.492{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388d2nxq2uap88usk.cloudfront.net02600:9000:21f3:1a00:a:da5e:7900:93a1;2600:9000:21f3:600:a:da5e:7900:93a1;2600:9000:21f3:ae00:a:da5e:7900:93a1;2600:9000:21f3:f600:a:da5e:7900:93a1;2600:9000:21f3:2e00:a:da5e:7900:93a1;2600:9000:21f3:4c00:a:da5e:7900:93a1;2600:9000:21f3:c00:a:da5e:7900:93a1;2600:9000:21f3:7e00:a:da5e:7900:93a1;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171094Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.492{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388d2nxq2uap88usk.cloudfront.net0143.204.98.30;143.204.98.118;143.204.98.120;143.204.98.36;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171093Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.420{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388example.org0::ffff:93.184.216.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171092Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.420{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388example.org093.184.216.34;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171091Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.404{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388prod.detectportal.prod.cloudops.mozgcp.net02600:1901:0:38d7::;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171090Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.404{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388prod.detectportal.prod.cloudops.mozgcp.net034.107.221.82;C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171089Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.399{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388detectportal.firefox.com0type: 5 detectportal.prod.mozaws.net;type: 5 prod.detectportal.prod.cloudops.mozgcp.net;::ffff:34.107.221.82;C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000171088Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.334{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=35BB00CF8863594F0F58584DD7FACB97,SHA256=E5B4D210B8C72C15F106C10FCE3C1951294F2833314E9AF2B802BE40E3C8F6D2,IMPHASH=00000000000000000000000000000000falsetrue 17141700x8000000000000000171087Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.26.94703991C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171086Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.25.153038511C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171085Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305da1|C:\Program Files\Mozilla Firefox\xul.dll+1866c31|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000171084Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.24.75302786C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171083Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ca1|C:\Program Files\Mozilla Firefox\xul.dll+1866a4e|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000171082Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.23.77036058C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171081Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ba1|C:\Program Files\Mozilla Firefox\xul.dll+1866894|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000171080Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.22.118835346C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171079Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305aa1|C:\Program Files\Mozilla Firefox\xul.dll+18666d5|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000171078Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.21.100376671C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171077Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d4540|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171076Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+12b151f|C:\Program Files\Mozilla Firefox\xul.dll+1470a2d|C:\Program Files\Mozilla Firefox\xul.dll+29d44e5|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468 10341000x8000000000000000171075Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171074Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171073Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171072Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171071Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171070Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171069Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171068Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171067Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171066Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171065Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171064Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171063Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171062Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+29d41de|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000171061Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+29d4155|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171060Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43884472C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171059Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171058Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171057Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171056Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171055Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171054Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.221{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885196C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+4325b|C:\Program Files\Mozilla Firefox\firefox.exe+24808|C:\Program Files\Mozilla Firefox\xul.dll+cff80a|C:\Program Files\Mozilla Firefox\xul.dll+12158e4|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000171053Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.226{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4388.20.531200329\113393117" -childID 3 -isForBrowser -prefsHandle 4204 -prefMapHandle 4184 -prefsLen 6917 -prefMapSize 238512 -parentBuildID 20210614221319 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4388 "\\.\pipe\gecko-crash-server-pipe.4388" 4200 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2LowMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000171052Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:30:56.205{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.20.53120032C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171051Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.205{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171050Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.205{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171049Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.174{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171048Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.174{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000171047Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.106{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171046Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.037{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\pending_pings\e949ef59-e3d7-4873-b805-d4d1aef26ebbMD5=18B508D63FDED2D8D3D3720E28BA5940,SHA256=3E7B900CA187BE21BC73F51078452054E04A34A0F2183E28E4829B4D6C742020,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171045Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.037{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=77A895D09F00FD30850DCA1795F8D9CB,SHA256=6546EA4F410FF641D7BCD85F70903CDD7B7F1FAF69B359D4A87884BFEC45A53C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171044Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.037{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=8D04A007038C517E12D2A3A155CB873E,SHA256=230B381EEE810F702DD0A2C3C10231D6517754F968C39B40C99EBF0925117478,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171043Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.037{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=180B8A548F6695537D39A32C46B23BFE,SHA256=3E6E48F1CB6E91520CB8FCED93EC4DAD32001A1B8A06E3B2A8731C72665E05DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171042Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.037{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=6F6E29360BF1A2D5EA155085DA776917,SHA256=34C888A32976E0B19E5BF3AB0E989965EABD5CD7B23CDCA8AE34A3112D3E33DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171041Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.037{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=ED0557A16E8EDC32F0AFB02B33060BB7,SHA256=21E66AED8EB48F57A4615A3A11D6A6DFA97B653494F124D20CE2185972D3D8DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171040Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.037{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=4704D4FBBF3AC2FF97F5FDBFCA992B9D,SHA256=7A2BDF9A12B9786249E102D893BFD9150CDDE1EC5007378FBD62204E5353198D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171039Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.037{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=3704D2CEE9582C090BC14D6EC5B5EEAE,SHA256=2702235FCCA180D7857EB945E1C95C3952AC62E9653E123A35CFE58D4708B2E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171038Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.037{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=5EBD93E146DA9ABCD15FAB881EB3DF5B,SHA256=8649D00A63787EB8BBB9785F7578BE17591C87FF51474E78F490A1314BA84A6C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171037Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.021{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=47136102AF77FC92ADA2560E4FBC7353,SHA256=79DEDCA063136254BFBE870B2EDBDE3385D41AA88461334D5BCDD3B0D4137D4E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171036Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.021{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=AB960C6C44172091B7E6A6462D9E7E83,SHA256=C472AA9404D95303C83D9A99494BDA02375565B08D7CE663FF780D42D0FA37AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171035Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.021{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=CCD58D13FE3820CC45BA4EC7647B0D66,SHA256=42EE288200B7B906ADF5C90497F4B5CA5869ECC8A599F4A41193A529DB675432,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171034Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.021{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=064E21E3D48EB04E3F0B8D0EA7C472D0,SHA256=EB84E44998F6432118A27656DDD72E4B3FC6FE055C532D0F63F1059FC4C8D207,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171033Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.021{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=EE1BCEA2ACBA48C4D2DCD3C95FF488FC,SHA256=3CADDE61ABA9C222F0406C2863FBDFD69BEB2B1B7027EDF8F5B629FA3F359DDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171032Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.021{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\ProgramData\Mozilla\updates\308046B0AF4A39CB\update-config.jsonMD5=7ABFFE156CFCF61314ACF60B8B8CADE8,SHA256=D33B384DA2A6542D3F4892AAE6CAFCB2B769D867533F71EBF28DACA82EF68CAA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171031Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.021{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9110-00000000D001}6076C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171030Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.021{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+d4f411|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+4196a|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000171029Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.021{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=84A6EADFA600A42B42BF7670122E89FF,SHA256=04B081304CA50D258229B43264318F346E86C2C7CAFB3E0A18A35BD53F174715,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171028Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.006{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=F9541488B06D8344ABA622D53535F362,SHA256=9BC4BEF9CECE3E61F1146A3A41EBD0E6B775FA0320CCA3F785718C3648725912,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171027Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.006{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=29F8E682886A3A7574E0C517B9346E01,SHA256=0883F66CC98594C36FAB0644F84EC2B3DE32536D103090DB88C732510765220A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171026Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.006{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=2EDC4FD01C36391A3A5ED7E78D2926A7,SHA256=C2DC9F6DFF403BF669B1CCF8BE66D19934E33C3AC3F6EA1FF6FF4928CC512248,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171025Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.006{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=5D1AE3BF8BCD0E61CEB45F7709D4B405,SHA256=B99D82B45A08847C745D571A688FB069BBDE866542CD877245EAE7F802094F04,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171024Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.006{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=B86BF9823EAE55EA887B9BB75DD489B2,SHA256=A31AC1A8FAD69ECFD541B691870903D1C3027E01EF0CF94AFB0AEF30C3C7F84E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171023Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.006{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=AB960C6C44172091B7E6A6462D9E7E83,SHA256=C472AA9404D95303C83D9A99494BDA02375565B08D7CE663FF780D42D0FA37AB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171022Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.006{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=352D5B9397327AF25C6C8BA6A4A0047F,SHA256=F4CF3AAFA3E4AB5F5119434351B581602A60EFCF331B9B99063AA51EF72B8F94,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171021Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.006{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=7213E06C4380CCE4A456DF6F55471C9E,SHA256=2CF73A796040717B1F71488A88C76078CFA20BCBF33ABAA98C7473B4DE7A5A56,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171149Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:57.872{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d8e0d7|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df 10341000x8000000000000000171148Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:57.872{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 23542300x8000000000000000171147Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:57.719{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C08C582A3E7F85B2E09FCC9931DDCD9,SHA256=06AE28E7B457BA02EF39C08E0266588CFEC413CBAC42670FFBC6BE60629258D1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171146Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:57.470{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171145Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:57.451{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171144Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:57.451{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 22542200x8000000000000000171143Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.090{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388www.wikipedia.org10054-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171142Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.090{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388www.reddit.com10054-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171141Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.089{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388www.facebook.com10054-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171140Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.089{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388www.youtube.com10054-C:\Program Files\Mozilla Firefox\firefox.exe 22542200x8000000000000000171139Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.089{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388www.ebay.de10054-C:\Program Files\Mozilla Firefox\firefox.exe 354300x8000000000000000171138Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:56.073{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50794-false93.184.220.29-80http 354300x8000000000000000171137Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:55.923{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50793-false44.238.3.246ec2-44-238-3-246.us-west-2.compute.amazonaws.com443https 10341000x8000000000000000171190Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.966{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000171189Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.966{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000171188Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.966{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 23542300x8000000000000000171187Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.949{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44AFC024024C394AA974152CDF76DA0F,SHA256=9889BFD981E38868156309E9DC8F67EB9CC17DB2B39D491058A8D42F9F5C44AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171186Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.934{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\formhistory.sqlite-journalMD5=8D239EEAF98B11D8551F3315F54EE149,SHA256=0BCD7745BA7E622C2D0D00ED4268ED46D62D947063CCBF5AA1EDE5B059870B1D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171185Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.918{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\formhistory.sqlite-journalMD5=CE5B6A5BAF59042A50E079901BDD80C0,SHA256=AE27598E0758BCE15DA0467FFEC159B3966F25D1D452FE4235465B678820ACF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171184Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.469{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=AACFE92693223DFE96A6312FE9CE1C16,SHA256=A696E56EF03EFDDAF03F991EF25A3992D630C34E55F84D4342CED5175F6AC52F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171183Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.288{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171182Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.103{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A2A2-60D0-9810-00000000D001}5852C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171181Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.103{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2A2-60D0-9810-00000000D001}5852C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171180Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.088{D8DCB3A2-A2A2-60D0-9810-00000000D001}58526160C:\Windows\system32\conhost.exe{D8DCB3A2-A2A2-60D0-9610-00000000D001}5232C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171179Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.088{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A2A2-60D0-9710-00000000D001}2716C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171178Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.088{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2A2-60D0-9710-00000000D001}2716C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171177Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.088{D8DCB3A2-A2A2-60D0-9710-00000000D001}27166152C:\Windows\system32\conhost.exe{D8DCB3A2-A2A2-60D0-9510-00000000D001}3928C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171176Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.088{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A2A2-60D0-9410-00000000D001}4560C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171175Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.088{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2A2-60D0-9410-00000000D001}4560C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171174Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.072{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042088C:\Windows\system32\csrss.exe{D8DCB3A2-A2A2-60D0-9810-00000000D001}5852C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171173Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.072{D8DCB3A2-A2A2-60D0-9410-00000000D001}45602632C:\Windows\system32\conhost.exe{D8DCB3A2-A2A2-60D0-9310-00000000D001}4896C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171172Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.072{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A2A2-60D0-9710-00000000D001}2716C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171171Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.072{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A2A2-60D0-9610-00000000D001}5232C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171170Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.071{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171169Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.071{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171168Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.071{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171167Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.070{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171166Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.070{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A2A2-60D0-9610-00000000D001}5232C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000171165Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.070{D8DCB3A2-A2A2-60D0-9610-00000000D001}5232C:\Windows\System32\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exe"C:\Windows\System32\net.exe" use \\10.0.1.12C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=C6B6DAA95CEA707F8D986D933E4A9596,SHA256=FDDC5F29F779A6EF73D70A2C551397FDEE63F549F2BCE4FE6A7AEEDC11F4F72E,IMPHASH=C41B15F592DE4589047CE5119CE87468{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000171164Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171163Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171162Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A2A2-60D0-9510-00000000D001}3928C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171161Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171160Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171159Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A2A2-60D0-9510-00000000D001}3928C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000171158Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.063{D8DCB3A2-A2A2-60D0-9510-00000000D001}3928C:\Windows\System32\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exe"C:\Windows\System32\net.exe" use \\10.0.1.1C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=C6B6DAA95CEA707F8D986D933E4A9596,SHA256=FDDC5F29F779A6EF73D70A2C551397FDEE63F549F2BCE4FE6A7AEEDC11F4F72E,IMPHASH=C41B15F592DE4589047CE5119CE87468{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000171157Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A2A2-60D0-9410-00000000D001}4560C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171156Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171155Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171154Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171153Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.050{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171152Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.035{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A2A2-60D0-9310-00000000D001}4896C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171151Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.035{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A2A2-60D0-9310-00000000D001}4896C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000171150Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.049{D8DCB3A2-A2A2-60D0-9310-00000000D001}4896C:\Windows\System32\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exe"C:\Windows\System32\net.exe" use \\10.0.1.14C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=C6B6DAA95CEA707F8D986D933E4A9596,SHA256=FDDC5F29F779A6EF73D70A2C551397FDEE63F549F2BCE4FE6A7AEEDC11F4F72E,IMPHASH=C41B15F592DE4589047CE5119CE87468{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000171203Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.986{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171202Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.986{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 354300x8000000000000000171201Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.099{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-385.attackrange.local50796-false10.0.1.14win-dc-385.attackrange.local445microsoft-ds 354300x8000000000000000171200Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.099{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50796-false10.0.1.14win-dc-385.attackrange.local445microsoft-ds 354300x8000000000000000171199Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:58.036{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50795-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000171198Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.118{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171197Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.049{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1706734B9FD5C21F1BF6B5CAC1387F51,SHA256=E6631DCFB001291A17DAD20E03A6662ACF6A4317A5904E01B2FB234E201E3D76,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171196Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.033{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000171195Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.033{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000171194Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.033{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000171193Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.033{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000171192Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.033{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000171191Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.033{D8DCB3A2-45EA-60D0-9800-00000000D001}43923544C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+37dac|C:\Windows\System32\modernexecserver.dll+37d4f|C:\Windows\System32\modernexecserver.dll+375a6|C:\Windows\System32\modernexecserver.dll+1a1c4|C:\Windows\System32\modernexecserver.dll+3191d|C:\Windows\System32\modernexecserver.dll+32871|C:\Windows\System32\modernexecserver.dll+3278f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 22542200x8000000000000000171206Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:30:59.048{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388www.google.com10054-C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171205Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:00.017{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 23542300x8000000000000000171204Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:00.017{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CA4D0794D8DCAFBA8D59C813F938372D,SHA256=C80F8D4997A95B63A36BB16F3A265FE544CA975BCFDC77355831D3133EB25FE1,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171226Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.974{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000171225Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:00.235{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-385.attackrange.local137netbios-nsfalse10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal137netbios-ns 10341000x8000000000000000171224Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.437{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171223Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.406{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171222Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.361{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171221Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.350{D8DCB3A2-A29D-60D0-8E10-00000000D001}43881020C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171220Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.247{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65 10341000x8000000000000000171219Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.247{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d 18141800x8000000000000000171218Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:01.245{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.5192.4.180781119C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171217Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:01.245{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192\chrome.5192.4.180781119C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171216Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.225{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 10341000x8000000000000000171215Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.225{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 23542300x8000000000000000171214Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.224{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\formhistory.sqlite-journalMD5=75C3F42BC760AF7B9F1E2DDAAEE6C05E,SHA256=7511CA6994CD9ED8D6D269E6FBE805DB88AD7719386ADE961E052C16229D0817,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171213Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.223{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 10341000x8000000000000000171212Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.218{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 18141800x8000000000000000171211Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:01.207{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.5192.3.37059428C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171210Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:01.207{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192\chrome.5192.3.37059428C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171209Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.207{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29f59d1|C:\Program Files\Mozilla Firefox\xul.dll+29d20cb|C:\Program Files\Mozilla Firefox\xul.dll+379aa9f|C:\Program Files\Mozilla Firefox\xul.dll+1179aa1|C:\Program Files\Mozilla Firefox\xul.dll+117cd3d|C:\Program Files\Mozilla Firefox\xul.dll+10ec5d1|C:\Program Files\Mozilla Firefox\xul.dll+1110b5c|C:\Program Files\Mozilla Firefox\xul.dll+1123281|C:\Program Files\Mozilla Firefox\xul.dll+1123189|C:\Program Files\Mozilla Firefox\xul.dll+1121feb|C:\Program Files\Mozilla Firefox\xul.dll+e582e2|C:\Program Files\Mozilla Firefox\xul.dll+d82a67|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+dae3f9|C:\Program Files\Mozilla Firefox\xul.dll+2c7e4ed|C:\Program Files\Mozilla Firefox\xul.dll+2c7ffd5|C:\Program Files\Mozilla Firefox\xul.dll+2c7f7e4|C:\Program Files\Mozilla Firefox\xul.dll+2c78084 23542300x8000000000000000171208Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.051{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FB96034D731CBF094D316383DE1CAD5F,SHA256=9192F6B576395806FB6AE37891EFE61A93C6ABAFE8BF8C91839A46418042128D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171207Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:01.000{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=5C83EF112235D22676353DD70A6D9B1E,SHA256=84E2F2B5F048B9E465CBB28AC5CDA7E8F338CCD02F2BE05810DC5791C085F96B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171295Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.900{D8DCB3A2-A29D-60D0-8C10-00000000D001}3480NT AUTHORITY\SYSTEMC:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exeC:\Windows\servicing\Sessions\Sessions.back.xmlMD5=EA2B0C973333A26A41089DADA25F7A34,SHA256=2EE72C852EE22D2DE8BB3314A3815442EE2A8A281A9DB62CE8BAFFC2B17F3A00,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171294Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.770{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d8e0d7|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df 10341000x8000000000000000171293Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.770{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 10341000x8000000000000000171292Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.552{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171291Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.532{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171290Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.532{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000171289Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.440{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=18CC034B534D686DD5D054453B6576CB,SHA256=6D5D0344D4EB3AB81AB5FB4DE1579A334E9780090371F9177569927E79419DCB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171288Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.352{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885244C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+121816c|C:\Program Files\Mozilla Firefox\xul.dll+1321541|C:\Program Files\Mozilla Firefox\xul.dll+1f85e1|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+4117c|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000171287Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.351{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.33.87945427C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171286Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.351{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.32.185700560C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171285Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.351{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.31.91730071C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171284Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.350{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.29.57648886C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171283Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.350{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.30.107019332C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171282Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.350{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.28.126802716C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171281Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.342{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171280Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.342{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000171279Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.329{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.6384.2.200875116C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171278Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.328{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384\chrome.6384.2.200875116C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171277Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.328{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.6384.1.181598942C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171276Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.328{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384\chrome.6384.1.181598942C:\Program Files\Mozilla Firefox\firefox.exe 18141800x8000000000000000171275Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.328{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384\chrome.6384.0.173976062C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171274Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.328{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384\chrome.6384.0.173976062C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171273Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.326{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171272Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.326{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171271Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.293{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+122b817|C:\Program Files\Mozilla Firefox\xul.dll+12e2659|C:\Program Files\Mozilla Firefox\xul.dll+29dfb84|C:\Program Files\Mozilla Firefox\xul.dll+12bdf42|C:\Program Files\Mozilla Firefox\xul.dll+1225f04|C:\Program Files\Mozilla Firefox\xul.dll+da22ae|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 18141800x8000000000000000171270Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.293{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\cubeb-pipe-4388-3C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171269Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.293{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\cubeb-pipe-4388-3C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171268Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.282{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171267Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.281{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000171266Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.280{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.27.27211254C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171265Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.278{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885256C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+2a3bcb|C:\Program Files\Mozilla Firefox\xul.dll+3a6133d|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 18141800x8000000000000000171264Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-ConnectPipe2021-06-21 14:31:02.278{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\gecko-crash-server-pipe.4388C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171263Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.237{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.33.87945427C:\Program Files\Mozilla Firefox\firefox.exe 17141700x8000000000000000171262Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.32.185700560C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171261Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305da1|C:\Program Files\Mozilla Firefox\xul.dll+1866c31|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000171260Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.31.91730071C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171259Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ca1|C:\Program Files\Mozilla Firefox\xul.dll+1866a4e|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000171258Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.30.107019332C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171257Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305ba1|C:\Program Files\Mozilla Firefox\xul.dll+1866894|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000171256Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.29.57648886C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171255Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+3ecc9c|C:\Program Files\Mozilla Firefox\xul.dll+3ecbec|C:\Program Files\Mozilla Firefox\xul.dll+12b0558|C:\Program Files\Mozilla Firefox\xul.dll+1305aa1|C:\Program Files\Mozilla Firefox\xul.dll+18666d5|C:\Program Files\Mozilla Firefox\xul.dll+29d466c|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 17141700x8000000000000000171254Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.28.126802716C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171253Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29d4540|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171252Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.236{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b1708|C:\Program Files\Mozilla Firefox\xul.dll+12b151f|C:\Program Files\Mozilla Firefox\xul.dll+1470a2d|C:\Program Files\Mozilla Firefox\xul.dll+29d44e5|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468 10341000x8000000000000000171251Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171250Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171249Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171248Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171247Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171246Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171245Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171244Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171243Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171242Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171241Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171240Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171239Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.235{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12df91d|C:\Program Files\Mozilla Firefox\xul.dll+12b344a|C:\Program Files\Mozilla Firefox\xul.dll+12b3304|C:\Program Files\Mozilla Firefox\xul.dll+e165ee|C:\Program Files\Mozilla Firefox\xul.dll+29d4242|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594 10341000x8000000000000000171238Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.234{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+29d41de|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4 10341000x8000000000000000171237Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.234{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+29d4155|C:\Program Files\Mozilla Firefox\xul.dll+29f1894|C:\Program Files\Mozilla Firefox\xul.dll+29f17ad|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+41230|C:\Program Files\Mozilla Firefox\xul.dll+1229030|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171236Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.234{D8DCB3A2-A29D-60D0-8E10-00000000D001}43884472C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x101451C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+121f1bf|C:\Program Files\Mozilla Firefox\xul.dll+cfe354|C:\Program Files\Mozilla Firefox\xul.dll+1fe73|C:\Program Files\Mozilla Firefox\xul.dll+11fa7e8|C:\Program Files\Mozilla Firefox\xul.dll+1f215|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+1e76f|C:\Program Files\Mozilla Firefox\xul.dll+11fb561|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171235Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.224{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171234Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.224{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171233Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.224{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171232Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.224{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171231Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.223{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171230Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.223{D8DCB3A2-A29D-60D0-8E10-00000000D001}43885196C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\ADVAPI32.dll+188af|C:\Program Files\Mozilla Firefox\firefox.exe+4325b|C:\Program Files\Mozilla Firefox\firefox.exe+24808|C:\Program Files\Mozilla Firefox\xul.dll+cff80a|C:\Program Files\Mozilla Firefox\xul.dll+12158e4|C:\Program Files\Mozilla Firefox\xul.dll+1213bc2|C:\Program Files\Mozilla Firefox\xul.dll+122054e|C:\Program Files\Mozilla Firefox\xul.dll+da8204|C:\Program Files\Mozilla Firefox\xul.dll+407b3|C:\Program Files\Mozilla Firefox\xul.dll+3f6ba|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+dadd37|C:\Program Files\Mozilla Firefox\nss3.dll+fab6a|C:\Program Files\Mozilla Firefox\nss3.dll+ee2a1|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000171229Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.223{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe89.0.1FirefoxFirefoxMozilla Corporationfirefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel="4388.27.272112540\165994302" -childID 4 -isForBrowser -prefsHandle 4544 -prefMapHandle 4548 -prefsLen 7137 -prefMapSize 238512 -parentBuildID 20210614221319 -appdir "C:\Program Files\Mozilla Firefox\browser" - 4388 "\\.\pipe\gecko-crash-server-pipe.4388" 4564 tabC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2LowMD5=32876A3F2203320A6C967F8DB7DEAE76,SHA256=AB582F2850B9EA109D8F860F9DD1306808AEE5B8A59827557B07BA22E77A289C,IMPHASH=C483AB042998E5D3F9AC1D5A7C7ABDB2{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 17141700x8000000000000000171228Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-CreatePipe2021-06-21 14:31:02.215{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388\chrome.4388.27.27211254C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000171227Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:02.131{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD2F6ADE9DFD662DD024116992A2FDA7,SHA256=6897358BA0F40BA87395F78EE2E86ECFF6DE54E5DED44AF675885E560BE6358A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171298Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:03.546{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=C9D1FC30C0DA6123B83739E747EFB843,SHA256=A15494C5D12E7577AB9847D51942A1C0B1BD5A3A81A273F5EB73BB934B3C972F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171297Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:03.514{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AE567408E9B202A1DE5671564397EC43,SHA256=272C705E54F69A5B9975171F714C2512B7BC906D465A00EB20FCEFAA9DA07D74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171296Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:03.514{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=69F709EC8364906A732B02887B02A0CE,SHA256=D5E4D03A85B1D1419E81B38CAC8DBD15598F4F26BD3F280D027AEEA9CC2E0DF6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000171300Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:03.179{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50802-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000171299Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:04.529{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C97452BD2A4F53C285C5518DD398B8AB,SHA256=CB606D5E5CF21B03A3FCB422BCE6F0D777A7E41D303658C925B7E1624796C616,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171305Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:05.559{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D4E11FCFEC0EBCD5B3043CACB82188C1,SHA256=302B7271040154E156BA942B8EE32AE2E4DB9307C2722A429B3CDE497B2A96DF,IMPHASH=00000000000000000000000000000000falsetrue 22542200x8000000000000000171304Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:03.474{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388processexplorer10054-C:\Program Files\Mozilla Firefox\firefox.exe 10341000x8000000000000000171303Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:05.076{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171302Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:05.060{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171301Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:05.060{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000171307Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:06.574{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6A63392E90FA7CEE8588562396B5B6F3,SHA256=05557B37E106E5925635CA72A0C49B201C70E1A29F7D66FE74DB8DA2578050D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171306Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:06.075{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=2C12E9B1CCEC2485D0FC626185E22810,SHA256=4B94E8CFC1F3A158A34FC6F80E7FCEDD7043F73E88A5FE4CAAB8702E17F2654C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171325Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.642{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3561288849sdhlie.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171324Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.642{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171323Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.642{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=44536322E812D99485AE03498E4B4EB4,SHA256=EF1D6FC2581FC8E2399460219D787140214349A6FC8AED355CBF86461381E801,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171322Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.642{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171321Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.626{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A125-60D0-0310-00000000D001}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171320Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.626{D8DCB3A2-A29D-60D0-8E10-00000000D001}43884456C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171319Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.610{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A125-60D0-0310-00000000D001}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171318Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.610{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A125-60D0-0310-00000000D001}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 10341000x8000000000000000171317Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.609{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 23542300x8000000000000000171316Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.589{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B7770B7F1CF6BFE25EFE351E546E492,SHA256=023F2DB3C4ADA00D5F6D14A633D343A707BDDEF2784EF4BBF8546BA12063B28F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171315Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.589{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171314Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.589{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 10341000x8000000000000000171313Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.210{D8DCB3A2-A29D-60D0-8E10-00000000D001}43884456C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171312Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.106{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 10341000x8000000000000000171311Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.106{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 23542300x8000000000000000171310Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.058{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\formhistory.sqlite-journalMD5=9EAD74CCCDC9F5EF9751DFE5F1936018,SHA256=0C23551080C397CD6EB003D5441EF8E00B5FDFD831A750D8BA3BD2DF1A956E23,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171309Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.042{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d8e0d7|C:\Program Files\Mozilla Firefox\xul.dll+da2669 10341000x8000000000000000171308Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:07.042{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d 23542300x8000000000000000171328Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:08.641{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BECCBE881A9040AF757E037B1AEDA6C,SHA256=FEF4AD299BD4D180EB36BDB4C9895E88E221951ADF9C4A2A2B16A20B909567CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171327Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:08.607{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=E224A00C73AE6CE5548010AF91CAB75E,SHA256=4678253E838CB763D0543419283D12F3FD24B33ADC4DC67D74E7C68E7117B1A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171326Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:08.405{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\2918063365piupsah.sqlite-shmMD5=426A05CA94CAF564C0D0F6DC497AE60A,SHA256=955CC6B20EEC3DBD38C52BB058AEFF31EBB4A41A13E0D7BEBDF4410E720A647B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171329Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:09.655{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D92139A63277DFCF5A795A8671A3BC8,SHA256=80727036B9FC99A6822C9C9DA1BDAF6A2CE1207CE339352A2707DC081BB7343A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171482Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.812{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\Administrator\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractiveMD5=446DD1CF97EABA21CF14D03AEBC79F27,SHA256=A7DE5177C68A64BD48B36D49E2853799F4EBCFA8E4761F7CC472F333DC5F65CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171481Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.781{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\WimProvider.dllMD5=1B0C7DFB2240BA004B37904073624DB3,SHA256=F2C7DB522DDE968EDF49B03BC10978AAC4C42C745CA4A474627E8CEBBCEBB00A,IMPHASH=20D31D66F56B810094B1AA564C92009Dtruetrue 23542300x8000000000000000171480Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.765{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\VhdProvider.dllMD5=F37C8F5BF852151D9BF085687A8DEC6D,SHA256=6CDFC95C2F2ED3695D5EE8CF4367A6C7FB5707DA3C234CEE8FA8C1BBDE426DE7,IMPHASH=3CA997A1A0BD38B850B18DAED5E948DEtruetrue 23542300x8000000000000000171479Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.765{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\UnattendProvider.dllMD5=3DB4777B76FC1973A61754FAEC348981,SHA256=29A4C7379E5A0A7532C90B5ACE0DD99AB5311D03CC0BA6A4BCFB410D7D8B01AE,IMPHASH=4FA75E8720452554D61C8AC5FD64C43Ftruetrue 23542300x8000000000000000171478Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.765{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\TransmogProvider.dllMD5=5E82E2B7CFF045C7CDA8E33EAB186402,SHA256=0038B82E999C3DEF3980D39A8CAED9EA6B52A4FC9EF58BF3B3F5FC91F7748112,IMPHASH=7746C0E3C7D3763C5F13C90D4934087Btruetrue 23542300x8000000000000000171477Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.765{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\SmiProvider.dllMD5=C5C7A9E3121B91E51ECFBA6FB2985044,SHA256=FB519B9EEF4C3344D58C768BD3AD7ADCB0677EA7B998056B6A13620CB9E61412,IMPHASH=03C38376DA7CCE75E82EECACADA0EA03truetrue 23542300x8000000000000000171476Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.765{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\ProvProvider.dllMD5=5077063311C5708318C5FA3E255011ED,SHA256=97FA95102B6ACF00C70F140EE9FA4A73A6BE7C03E0F0D99AE58DB5E492CD0ECA,IMPHASH=D8DD764BFC0F1D9E403714D169018B83truetrue 23542300x8000000000000000171475Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.744{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\OSProvider.dllMD5=4868187A2F176074DB7F35E356F74D4F,SHA256=84C8C4C67C808871A278254304D985533F67D44391840F43674FC829014E1B60,IMPHASH=82A4D833A82D441391A9AA3027199337truetrue 23542300x8000000000000000171474Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.744{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\OfflineSetupProvider.dllMD5=86B7E8438B1125C479FD275B1BDDB9A7,SHA256=47FAF8671B25A30D7BCC47AD35926D70DB633A181FA6C276479B4408A526E63E,IMPHASH=B8B4A188EFC4F12D33591C6D319B6F12truetrue 23542300x8000000000000000171473Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.744{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\MsiProvider.dllMD5=EA19239A85416A488360FA564D312402,SHA256=F21591336CD1A24EE941827620405FA34414C1C349216B4B8083ECD1FFF17C29,IMPHASH=33E1132923056DDEFB0521726DA5B987truetrue 23542300x8000000000000000171472Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.744{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\LogProvider.dllMD5=F7DB4F104DBB56DF5A156E7329E80112,SHA256=7C67EFAF44D1413576B4575B1A4C975BCB10B64BEF13E6756E895D4DB9E61AA2,IMPHASH=FB695172E8A76C56E97CE435F8ED0220truetrue 23542300x8000000000000000171471Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.744{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\IntlProvider.dllMD5=0082903881275179642AE83EFA720310,SHA256=7CCF1625E6FBE4DB16F12AC037E4236A3EF269DEE47A157C68374C867941F9E8,IMPHASH=CFB81BC5FF922F23D605A653700FE666truetrue 23542300x8000000000000000171470Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.744{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\ImagingProvider.dllMD5=EEB4AA36BAD26A2C6216A1FF3439B58C,SHA256=44A6679425039DC870C297294C4B3323F6FA9DE5C7D16D7D0AB7E1254AFC75D3,IMPHASH=0264D9B4BFE54732ADF0E29BC73BF280truetrue 23542300x8000000000000000171469Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.744{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B034EC58467628FDF37D5D8FD9F6F00B,SHA256=F3972323F6452A52D75119CB9E8AA1061D4360A825756D71A6AE90ACAD5DBDE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171468Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.728{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\IBSProvider.dllMD5=11DE34FCDB75E79A920D3B491F3E7BF0,SHA256=6B7C7AD8B1AD522B27B2CC5E4F76F56ADE4495D7D46CE4F997A68954F072AF17,IMPHASH=C755896FA14213058E34639A28868FBCtruetrue 23542300x8000000000000000171467Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.728{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\GenericProvider.dllMD5=397ED660129D40927A27B75A4B8FAE2E,SHA256=EAFCECFE911DABB4531E1331DDF2E119DCBB6B7A887D70BDE737EA76BE10EB74,IMPHASH=F55EE75573C110804DE5E50ACEEC1B06truetrue 23542300x8000000000000000171466Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.728{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\FolderProvider.dllMD5=6428B4D0C26DB23E9478F039891CD5C9,SHA256=55126BB099785C2F9CD32A30991082C47D62C8231D570A9D8A6F3CC599B25EE1,IMPHASH=B2CC5EDD42A866F7CB6CAE42DB969187truetrue 23542300x8000000000000000171465Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.728{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4BBCB21D24938C1B1924A1A790D5BCD9,SHA256=4C8699A7AC7E5095E1955C30640EC0CC3B8A0DA269FC887B9C20F50AB3E5AA97,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171464Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\FfuProvider.dllMD5=E27BC7F808E72F08372BA3C40B4B6344,SHA256=927B194432046C0D2ADF7C7B71E4BE85602C4D00A5D6EDA9F9DB9924E1C3447A,IMPHASH=8580AF5C1871319D05329DB2E96A8146truetrue 23542300x8000000000000000171463Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\WimProvider.dll.muiMD5=CC3B15540DDB521A300BAFF0BF4F902E,SHA256=33C06CC037DF1EBB72A15BCC2E09BC89DFEF7DD94441C650FD3D0C833122002A,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171462Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\VhdProvider.dll.muiMD5=10536C56F02E68EBD13D0B2CE8665C6A,SHA256=06C3B71D251A8DD47D02EDBFBE84E0B6B1D67956DE4D3996031434CBAD728929,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171461Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\UnattendProvider.dll.muiMD5=B7E3676672BE6851EA13ADD879C2945E,SHA256=2D2D82EE842CD346B58DCAFAE6FEC46D491E0D15CFBE0D8964A4AB7F18C5AAB9,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171460Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\TransmogProvider.dll.muiMD5=D5D596B1102DA565C2ED1FAAC170E758,SHA256=B5DBB36E947FD64AAF22C53F0A9634C7D72D4CC270C055B67E020920BF806909,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171459Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\SmiProvider.dll.muiMD5=CAD746ED5AF63E7FC49ED4A5A3984629,SHA256=016C6071B04E6D7E12AD9B8A85C002320331E01ED62922C573A1AC43BA0DD919,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171458Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\ProvProvider.dll.muiMD5=70AFEC86B6CF677BF8D3C713CA3281FB,SHA256=C8579EC95A51EB663FFC6145F0998C2F1930A6B8146C84C0A9094BCA4E5195A7,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171457Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\OSProvider.dll.muiMD5=A464DFEDEA8520616AA9B2ACD166A77F,SHA256=54E985CFF256CEBE82E9EF3E814A5FDA9FF730BCB50265E9BA78DE65A4DE3F42,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171456Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\OfflineSetupProvider.dll.muiMD5=CED788DBD9D13D0490B2F642B0B051F6,SHA256=D5DBC0A52B598800EE14569859383525950B865F4816E47E2E73F79AA1C32A09,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171455Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\MsiProvider.dll.muiMD5=5AE9ABD6BB469F3AD7B3A4CCD40974BF,SHA256=C2CE66F2F218890AA76F8BAB68B4C0FDCED0688E694F912F3A5BFABFA6CDB5E7,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171454Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.713{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\LogProvider.dll.muiMD5=0D4519BC8EB58A006E4A5EB993C0DCCF,SHA256=DAFFE67521F9B4657FBFEF9585234CB39293F9B866C0D97D66F675037515BB51,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171453Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\IntlProvider.dll.muiMD5=16ACB74928BC55FD4AAC316F3B92E1D7,SHA256=17CB486CADB679C75A27BA6C76E2FE714F4B8DA845E6F795759517D6734F0BC9,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171452Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\ImagingProvider.dll.muiMD5=26F5BBF8D6EE90B4F47C18E93D1087FB,SHA256=F41738FEF7140176447ECF371B1117A485E48BA6F3E9AFAA8C4F883ABFAE62DA,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171451Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\IBSProvider.dll.muiMD5=0B09FE334215A8E736B2CF08A50D5204,SHA256=DCE9AD3B79F91BEBEDDFCD9E03F1557CB7C6114AC906081E9E046F807093CDF1,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171450Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\GenericProvider.dll.muiMD5=956B8B45B92321C0D5975EE9A6C5B773,SHA256=578541D71466CF61EF399023B34EDFCBD915142BE856534AD4D17D25E7CC9F3D,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171449Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\FolderProvider.dll.muiMD5=DC4E4C2800DC6D98F7893044A21D246B,SHA256=8B4CE62F4E4294E701193C7AE393EB5EB29AA45932D376CB1A03728A140096AE,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171448Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\FfuProvider.dll.muiMD5=5ECAD70AC2B3A95CBB42D6FE67D2F726,SHA256=C210389DBB9B7B4A802E4B0C3C708B6F55B086564A01E19CFB183B6AF916C30A,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171447Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\DmiProvider.dll.muiMD5=38C2A1560C340537C3AE0CE04BDF7EAA,SHA256=52B06DFD85FB5AB1DCE2BE665CA144B1AE6658F518D1623D9B44C347C482B064,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171446Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\DismProv.dll.muiMD5=BD7B77B3EE9A12FF3F5446ECDF80B5C6,SHA256=B972A0B2C4682E9074441B481BD886DE19B8DB3DBA401B88E980B154C14D5A7E,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171445Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\DismCore.dll.muiMD5=C901FF639EDFBBE710D6E5882F07CD24,SHA256=9BDA61D23DC50F9AFA82DA94B06B7B9C8229D5ED666D2F5270DAE13100815C27,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171444Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\CompatProvider.dll.muiMD5=A2A344CB32B6835744A36D877C952665,SHA256=A74D765B796638A921C4810D1712A08F7A37C9BA9E91F4DFDCB9727611C3D18D,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171443Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\CbsProvider.dll.muiMD5=179B34BE97A383AF3E757031E7DA964B,SHA256=ABD3824664D1336EE849D89BA178606CC1B1E23E173752D8093F34A5580FA8F4,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171442Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.697{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\AssocProvider.dll.muiMD5=386FE7AC95738A0CB6D25DEA662991F1,SHA256=22DC7317108A528BA92C853330598F628B93FFF27CAC34C2F501B806A75261D9,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171441Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.681{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\en-US\AppxProvider.dll.muiMD5=9FF5081115C2C21D9F85AF7EE6D2CC63,SHA256=107B10A8C1426F1C0D703F06832D740A4CFDCAA596FA0EA147A32A736A7A2A4D,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171440Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.681{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DmiProvider.dllMD5=FC76385FF00D4A93618D842B41716D8D,SHA256=BBD49A49CFFA8411FFA91B02541F5F3B5333FD9055BC129DDD3B36EB005C34D9,IMPHASH=062B279D8ED4374A0CD0C84620F4BE4Etruetrue 23542300x8000000000000000171439Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.681{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismProv.dllMD5=8C7D97E22045AE402EA896F514CEED81,SHA256=76D3202E11BA22D277532A14CAE60E596975C0D8C34C7BE154F453EB1F7C37EF,IMPHASH=0247CB1C8FD55E43A448E359883057DBtruetrue 23542300x8000000000000000171438Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.681{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismHost.exeMD5=A59C22B77871CC18970038B7FA43826F,SHA256=CB84B51713BAD689ABB96560E57A71B276D4B28B1C09C7116EE85F5782A1B144,IMPHASH=734010D3430DBD2CA51B599924FE1424truetrue 23542300x8000000000000000171437Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.681{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismCorePS.dllMD5=FB88731B484D1FF4AFF5DB75A20799FA,SHA256=EA155388211E0C3CEF2C99BD5F341C9F93F1ECDA6F21096DB6F9DB2110686A52,IMPHASH=65E10DCEA11F7117C161DC7557B87689truetrue 23542300x8000000000000000171436Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.681{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismCore.dllMD5=F1AB58CACD95921A04225222D03CDEA0,SHA256=EDE89F377FD46F95639413411CDA072D9FF63E72A399B26AB4870094F145091B,IMPHASH=B7B56C790C8AB7134B0680D8DFE46658truetrue 23542300x8000000000000000171435Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.666{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\CompatProvider.dllMD5=E5C1D020198EBEC1D5ABA640C9A600D0,SHA256=A80FD2846E05AB491BDAAFCE8854A04549A852066B82B90D757D9B6A44ADA8C8,IMPHASH=2CDD615C09EED7B572606B2A0C0EFD2Ftruetrue 23542300x8000000000000000171434Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.666{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\CbsProvider.dllMD5=D4A64C7C50D0C6BE9F8770177E2264BF,SHA256=E6505F9DBE17DF9E7E52B5FE1720E1F6482B25D262A47A320CF438C5FD5A5797,IMPHASH=99D5DC4FF67AB12670853DD4E32E8358truetrue 23542300x8000000000000000171433Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.666{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\AssocProvider.dllMD5=56CB83B3454882509791FBA62832BC87,SHA256=5B01524CC03B6EB58CC9E0FF479014EAF89EE7FDE2791BFF871BC90274D200AC,IMPHASH=83F73507B4613B09C6FA825535D8A81Etruetrue 23542300x8000000000000000171432Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.666{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\AppxProvider.dllMD5=8F6792DF9EC54934B76A68B1D7B66ECA,SHA256=E57CB2D5CEC5E1354F4E31CD08ADA02FCAA0E2DEA4B28C8F61683BFA3E875C05,IMPHASH=F1558CACACA712554EBD5926B4B3FE52truetrue 23542300x8000000000000000171431Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.664{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-winsvc-l1-1-0.dllMD5=09934F0F7227B9489D117C26EC20CD14,SHA256=CBE408A0AFF90986A6A7DDF022F96302B4FADD08A0C3C166CAC7A64D6ABF041D,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171430Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-private-l1-1-1.dllMD5=484ED248F1A72C6E4E6F6C3F5A3339ED,SHA256=00E14515FE6FEBBF3C2CFC89A6F1A3D6F48B3E7A5EB08D50DADF69CE3F34CC47,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171429Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-private-l1-1-0.dllMD5=FEBE55EA884F3C1EE45ADE2734AA6BE6,SHA256=CD51DF334A600117133C9C8100DDE766D980456988FD333A40BE5A81C8092340,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171428Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-management-l2-1-0.dllMD5=0D45D811001E0A7683A2B7CA8A883874,SHA256=F44E2A85D7507159AE115C85C3497C57BE4ECB2D6ADDB30A534110266D56F92F,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171427Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-management-l1-1-0.dllMD5=C36912B3A28B06F5BB24FE9BE49DA4D3,SHA256=D737A832C0D595E8E52846C2D748B911D7155E372F43FBB10513CFDE0BBF83B7,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171426Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-core-l1-1-1.dllMD5=A86D518BCF3970C17A1768792FDF37FF,SHA256=AB5CC1B14D6BB708B5C87C2622DA886E2119A6997E08108CCE36080385DAEE71,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171425Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-service-core-l1-1-0.dllMD5=A329C75641638E2FFA11087F614FD4C1,SHA256=5071AA303D436407D195EF37889F018BE7E350DA5E690793587458D4C6D308DB,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171424Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-security-sddl-l1-1-0.dllMD5=C6C6C3E4D7CFA93246362901750A94D9,SHA256=6E274ABE823EF8B30629A99D9F942794C9FE6D003021A0C5085B49A7D8611DDE,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171423Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-security-provider-L1-1-0.dllMD5=207B5716605CA4850629F3E2FFFA07BB,SHA256=BE6E6284F69C76BE6366EA8D44D85BDBAB6A71DD42E8B5575CFDF671AD58DCA2,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171422Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-security-lsapolicy-l1-1-0.dllMD5=FE7AD7265E296947172B8C491E8109D2,SHA256=4D231AC65F0F54BFF45CACFFE7DF3109CF87F78D14960EC8F03654E605AC8ABF,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171421Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Security-Lsalookup-L2-1-1.dllMD5=EBD6475839F5C99FB8855A80E0FC2AF1,SHA256=F519C7AA6930DAC83A3045CEEE42F64F26FFC54254D5ABD1B0F7D99C47569A30,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171420Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Security-Lsalookup-L2-1-0.dllMD5=AC284A6251F5D26633AF48D918D09628,SHA256=F7A34B793AACF75DA4EAE843B6088C0BAAA8B835EA5F6A65E72EBD9A1479C8A8,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171419Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-security-cryptoapi-l1-1-0.dllMD5=DE0A49D4B2E9A5FA6762BD191C622B32,SHA256=AB12FEAF15CB313812B01AFE1198B62E72F7702D140830ABAD2CFB6251E82A7C,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171418Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-security-base-l1-1-0.dllMD5=DC4B661366FEAA4ED54FB1004D9E7A3D,SHA256=B4018F8F249CE087DB46F61A0C2E947248A5B71576F511F0B3650433607BC663,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171417Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-EventLog-Legacy-L1-1-0.dllMD5=B8B7B02C3C66638EC0BDF49BCF04A680,SHA256=5D1103E89199731DFFF7BF89D7F6484C038D47CC04F730CD5233EDE488272E6A,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171416Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Eventing-Provider-L1-1-0.dllMD5=FEAA05CE6CCB92AA7B2A2C58C049891A,SHA256=31A4AE262E179DF4CA406E1AF90F651935657BB5FD990C675C67E37D5B834CFE,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171415Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.644{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Eventing-Legacy-L1-1-0.dllMD5=88450242D5350529CC8E46FD9C3F3B7B,SHA256=312B6BFC89B551F2C4E8FEDAB316DBE01F190CD5E67091AAFB0E6F67616DC745,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171414Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Eventing-Controller-L1-1-0.dllMD5=00A27A81EAAE90C9CED7063013877357,SHA256=DC4EE086FC046E1D7A291EA3B8B13E77B7A252B5C283B8F6C9CEC729070B7822,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171413Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-eventing-consumer-l1-1-0.dllMD5=61958A4BE8F944BAFB29DF8009541FCD,SHA256=3B7CB5622BEAC7D633A84EE2F7336C8DE1D3D1AA10577D98020081AB67761FAD,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171412Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Eventing-ClassicProvider-L1-1-0.dllMD5=8500E093D6B36DF1AF271F6EB34227CA,SHA256=99E2CD36104D3EFD4DEC88AD0F4BED1FD1BBFA97CC4FB29DB7F7136290DD6B70,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171411Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-devices-config-L1-1-1.dllMD5=5A03B636125C21AB918D2CB04843DBA8,SHA256=C914CD6FE6C7B16533763BC789EDAF67D7A19C26514C927572051C4379C79FC0,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171410Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-devices-config-L1-1-0.dllMD5=0C61A8D9CF9BBF6D771BEF0FF4A43E23,SHA256=66807B95E13944D52E9A7AA1F1A41E632FAA46F6B48F98451618DB3845622577,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171409Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-xstate-l2-1-0.dllMD5=56A386E38B637FCD96CED04CEFBCF8DE,SHA256=A5BE1E3C71A3A5C8EEF4BFAD9D0BADC97BA47B2B9911CED4BD1B8F65BB8DCB77,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171408Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-xstate-l1-1-0.dllMD5=6A982D13DDB295E59F90FF23EDD2E60F,SHA256=3617DBCADFE370463B4DBB91C1C6222923F16EC362DE29C2CA3AE4E72C9ABB64,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171407Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-wow64-l1-1-0.dllMD5=AE7573E1DC370B9A8FEBCC17A6C82FF8,SHA256=59A473D1AD7C181C89AF00B966CD107F1846CDC526009C4807A1EAE3DCB3731D,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171406Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-version-l1-1-0.dllMD5=5CB34501C2D784D31281FD526B0BB963,SHA256=E45B73AF0C35F05B01CADF6BD4F67C1497586F4C4F9A16F0448BA751E16C4596,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171405Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-util-l1-1-0.dllMD5=212DA9E9AD6BB61A3554A4174BA558CF,SHA256=01291D3895EC5BB0E658F91FE1512AADCBB6D8F1154BC6023076554AFA05AC1D,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171404Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-url-l1-1-0.dllMD5=198A08F8150D7575CC207CFFCF67D66C,SHA256=86F6DA0F1D075B7E1678DF71689948FEC334CFB10316FEB40E5107135548F9B4,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171403Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-timezone-l1-1-0.dllMD5=4D7C132D9742FFA44248B1BBF32020FB,SHA256=58A65C1938DCDF64D2930B037E9D133A5ACDF46365835782869D3216D3CF2CED,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171402Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-threadpool-private-l1-1-0.dllMD5=A9BC53B62CD4B269B8385ADBE0AE808D,SHA256=A30003AB0C020E433CC5296E7E150BB11820395D439062FF7FD6D7F449C4C5B3,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171401Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-threadpool-legacy-l1-1-0.dllMD5=CAC86F4298EB2D239410B3338780DC34,SHA256=1D99842180A612D63F1A8B137A9BF0375B7113AAB325916BA4781AB8A7B68E7D,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171400Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-threadpool-l1-2-0.dllMD5=D32DDF80AB3F1F96F431E5672DC1F387,SHA256=E2F0F0D46082ED40D042BCCD47F4E917707CF884672C5919116126914FAD4572,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171399Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-sysinfo-l1-2-1.dllMD5=E83097DFE144367FA2231828F9FD89A6,SHA256=69FA978126192DBAB6AF11C9878D9C2BD1FD7E3FC899300244DFA4A1AC7ACA31,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171398Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.628{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-sysinfo-l1-2-0.dllMD5=8D842EBFFA7803451A3AC7D6907A6AD9,SHA256=808C22A733B5F6A4E601605DCF4043C9952CEBE825FF2622097FC5B4FACF682A,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171397Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-sysinfo-l1-1-0.dllMD5=376E34D4A8F94C94FFF063810717612D,SHA256=5285A11016967E2017A8187882579CBD722371D0B7497B356149FC447160A521,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171396Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-synch-l1-2-0.dllMD5=E19F4FA6A6313F00ADE8AF26649A0BA1,SHA256=386F6CC0C3CE0C904A44A2FDDD11B2E5EA7782B08E69FD961DA5BE3C32BA5C26,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171395Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-synch-l1-1-0.dllMD5=95088E453B41A8B50E7340E6DE9CD09C,SHA256=E4938C16CA5FC7A8C9D87E4201FA2F28992026F5858F36A2A44EA22B5BD0889F,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171394Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-stringloader-l1-1-1.dllMD5=FE1D00B19175DE6E9729F709C508DD6B,SHA256=D726F32AEB323F4DEA55D35441D1FF06BF3E212846A6B86D9ADC8F9DD1307B57,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171393Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-stringansi-l1-1-0.dllMD5=43F8D61E2EE0E253B973EFED0B3EBC8D,SHA256=1B9FA225A474D42FF8360141C8BC1EE1E7310958910931AC8E5A213E957700BD,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171392Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-string-obsolete-l1-1-0.dllMD5=92C0A4E592B5D773C562A36CBA4E6E47,SHA256=5191E82E921398310FE9FD333F5CA44E6233358499EDD5B33BF8E9F0C9D3B88E,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171391Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-string-l2-1-0.dllMD5=3E1902AF98905F00E62B1EC827EB0FC2,SHA256=503443DBF6E6E481EA1C661109CE17B3D55C4FEA001D77F11CD032BDDF64FD29,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171390Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-string-l1-1-0.dllMD5=D30D4587D051D288D1023DB0D826295A,SHA256=DFE66C8C205C95274565BADB7B3C19043917F6CD07A8DE34CE241EFFF9EA6676,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171389Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-shutdown-l1-1-0.dllMD5=1D8D1283F8279BDDACF8745AEDA3DB2A,SHA256=21BF3432160DD9851CAAC716DF3A41E39428A84BA9B9D3C63CDD300CB6928300,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171388Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-shlwapi-obsolete-l1-1-0.dllMD5=33BEFB60C3DC3E93FCE54A0515100181,SHA256=24B3FA4C5E8AB463BD2CFB704D7BFA7E8429726852EF582F94E44D7691BDD1FB,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171387Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-shlwapi-legacy-l1-1-0.dllMD5=699CDC66AA090D13EFF451F2006944CF,SHA256=6212B2B8CF5533F9DB6E366BBADED7A8D6EAD6667EA6A425B6987102669D8D96,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171386Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-rtlsupport-l1-1-0.dllMD5=F9672F68330CD16B0D1FA3A75B123AE8,SHA256=C5938839A3DFFBFBFEF432D0A95D0773375B4758FC160EDD04383A4B4273A18B,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171385Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-registry-l2-1-0.dllMD5=BBC015F33C0C3C2F9FC58C466BF8A30A,SHA256=1ED3511DC98353CA8E9B22A40C318BBD24484C25C171886B06B22AFD396ACFE8,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171384Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-registry-l1-1-0.dllMD5=D132FADCBF190A1C68070E6D488E67D7,SHA256=E6F51C07641EF931C4F97E5D966242BB96A156A603A7769BEAE0EA61E9E25486,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171383Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-realtime-l1-1-0.dllMD5=792C54B79CA333ABBB51BE66815A98CF,SHA256=1E3B3505560AB3E641C386473A83AA194D94CD5BC6CC4FA718D003D1FF899601,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171382Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-profile-l1-1-0.dllMD5=C4E53285E8C51DCBEFF5098215759D69,SHA256=320A6138FE915BE7E83F4CDC2024531948185C3BFC939CB367A53F1AA74BFB2C,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171381Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processtopology-obsolete-l1-1-0.dllMD5=99E3ACC47F10000AE67A577F5893FD5A,SHA256=AD01524D3FDDC25C91292808E7B333B587C902E996E557885E79CC10F9A66214,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171380Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.613{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processthreads-l1-1-2.dllMD5=DABFBC1EAB7AEE555F3BAEAF981EC7EB,SHA256=3070505B0B060D9EE9C2B699A518481A22DC15ECAF9603089FCF9EBC022179C3,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171379Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processthreads-l1-1-1.dllMD5=8C5DF20B2E2DE6BA6717A597A951E4F7,SHA256=BE42C78E3F21CD6E74811F27E1B76C4FE8537FB149EF34EA455F22AAA29720ED,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171378Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processthreads-l1-1-0.dllMD5=3D0CD1FE610E55E8C151162004A1429F,SHA256=D43535460D9CF2F2D348E9F2027DAF9FC0C0C906D5066E15F86332C839C94651,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171377Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processenvironment-l1-2-0.dllMD5=BB20192D0B22AD2EBBF4960B66D2E164,SHA256=23E758C4F7646AACC2DE8B8930BB272115F726F27E5437DF606E1C2328FA48F4,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171376Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-processenvironment-l1-1-0.dllMD5=2CF62C9CF255C15AD1C8B1CCDD9453D6,SHA256=35CDE2048D4EC8D5D02B1CA57B81B8D5F579541EDBAF5DA4485A6323B8C3A805,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171375Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-privateprofile-l1-1-1.dllMD5=FA8EFF9B35BE58F70CD0014DAF108819,SHA256=835F086B0884E8E1689D661657F258FA1E71439672E9F0CC0140D614DAB6FA6F,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171374Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-privateprofile-l1-1-0.dllMD5=C8490BC5ACB353CAF140CB12670883A2,SHA256=85F3FE5E802843596F466D479111658B08271E48CC1821EB17E6D299D523C95E,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171373Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-namedpipe-l1-1-0.dllMD5=D8F1E545D80C2045881C7F0525558D80,SHA256=0D9C3D6A6DF364F812D370258C1B3D3F97584E9F7D36569D06746EBA1695D368,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171372Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-memory-l1-1-2.dllMD5=9F77AA276A31F36805DF003F9E66BD99,SHA256=26425008D97A2EA8B95AF52BFE47CF5DE1DE9BB3E25DF77123B85C895192D7D6,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171371Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-memory-l1-1-1.dllMD5=728A5655624D5B091E8E216BE90D9EF9,SHA256=A2B17F63065CC760FA9CF5D2950D0E13613997546C90CFA1C094CF32171D49ED,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171370Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-memory-l1-1-0.dllMD5=BA6B6729DC95AA60AF31A160E2CB4533,SHA256=AA433713D5D1DB4413E9F5D938C0C452BAE8EB1BF8CD011803464BBD893BBB08,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171369Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-localization-obsolete-l1-2-0.dllMD5=B5727AD79BEBAAB6E6AFA381A28A8E9C,SHA256=C0E101B6BCDDC28A9BA24C7796BBDAAEFC14459E402FD53053F3C23E0D84D040,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171368Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-localization-l1-2-1.dllMD5=FD9B6F1EA88B7167E6EC227A61B90888,SHA256=2FEF21096468EE5C6BFC88971AFDB4CC07F6C4669375561863B85023C15684AF,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171367Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-localization-l1-2-0.dllMD5=C8420A86D981BB6AA0D32001D234639E,SHA256=2E93EA8BB070C07C39B7F042B7D9843C4B74B3D4E69C8E33D89B0574B2D1D43D,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171366Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-libraryloader-l1-1-1.dllMD5=787DCDC02E39A27A63B857FF6E819593,SHA256=91A7DEC7B636C00032D122CA04D4B8653B13E1211C54A4184F3955D2398C2E2E,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171365Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-libraryloader-l1-1-0.dllMD5=AC90FCC4E819CD2EEED5D09A1FA42BAC,SHA256=2DA68FCBCE619BE5A90501F971467B7A894C6A705659346729E1E4E306EEB7D7,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171364Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Core-Kernel32-Private-L1-1-1.dllMD5=E269D033D63A117DA8F3F855B90CCBFD,SHA256=41437C84BF757CC5758BF381600D0DECB00E8F8F56F11765203B7880AC4CDDD0,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171363Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Core-Kernel32-Private-L1-1-0.dllMD5=58B0B7C61F098BD1E73E9C156CB38C64,SHA256=C366B92E7048081C7B336CEAB970BAA20AFDAEE2456820AA38360D1429C27669,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171362Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-kernel32-legacy-l1-1-1.dllMD5=912D93DCBE67A1373D93BACD0174E3ED,SHA256=0B94CB7472E0777AEFC1B3208ADDE41B893B78B3223F515FB86348D3362624C3,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171361Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.597{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-kernel32-legacy-l1-1-0.dllMD5=8E788763C9CDB6E5D1A313C08F7D621E,SHA256=5604FCC803BE14AD10C7A2372FB19BC80D43AD850109A670676982A4EC961473,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171360Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-io-l1-1-1.dllMD5=DC7E345A08B64DDD90906151E1D566E9,SHA256=ABDC082DAA40FCAF14E4E554DF23CFC48533F5A2157BD540BFEC49EB8E31E403,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171359Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-io-l1-1-0.dllMD5=A4381D04E233B96B657262DE9B31594C,SHA256=17BE2709D85E6B922BDF5D357FB4CD9416234F8E6685226F5EC776E8B3B5A678,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171358Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-interlocked-l1-1-0.dllMD5=39646EB20F4366691E3EFF958C99D1D4,SHA256=262D2C2EBAFFA4276F54B05A5A1DA125CC9DCCAF76EAAD3AAF7B23D54EC33C8E,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171357Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-Core-Heap-Obsolete-L1-1-0.dllMD5=0C5DE8F3B6CC9B44ED0A0556A02F4867,SHA256=D08261783A1749B08F7423923B00FD77E3B44265889B1F550A64239586BC8FC7,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171356Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-heap-l1-1-0.dllMD5=51EBE577149EABD170684C2668F967ED,SHA256=0091D6C33047D8EF6E0F09E049DF2CABA5EE6B4F5B1870E0A369D3BF6DB72330,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171355Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-handle-l1-1-0.dllMD5=F83CB23123F3E4885547ED29F2BD2360,SHA256=495A9EC7C50D6D72F209E1F69C9B0C292D8D32FBE79FE675128786F8E351B988,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171354Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-file-l2-1-1.dllMD5=8B79E85DB9AA6D00794E5151455951BB,SHA256=EE600140599138132439FA9FB9FA6B028A9BF2A206A856CCB1106EFF45459C13,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171353Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\API-MS-Win-core-file-l2-1-0.dllMD5=455C1AB890C154076E0E23A42F10B6F5,SHA256=DB95D8AA71A8E0A54852C1A83E42267C72E26F2A111AD41146096BF26825FF62,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171352Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-file-l1-2-1.dllMD5=A9808572063E5A5649EA59F8B40FC7A8,SHA256=D4FD5081924D4B544188A687BD37127E0A38AF310E77C55F6EC22896B95B3C9C,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171351Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-file-l1-2-0.dllMD5=4438E1D7952A77B7F71FF45EF821814F,SHA256=1C4FA5120E310E49C8112ACB6E594DB2F581AE4B6BA6241EEA4301E0E373959F,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171350Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-file-l1-1-0.dllMD5=FF5C179E19923B65E650B11283250D50,SHA256=CF84455BC2AADF2960F0AE4D3691BF3032F412578CB2730A27848C6B26D00225,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171349Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-fibers-l1-1-1.dllMD5=A263189D905386A2A91CD2EB39D3365D,SHA256=7392027920D102DBE4C2C15590CC471063D6B1456CAA797BB71F8973C60B47FC,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171348Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-fibers-l1-1-0.dllMD5=A1827E232474C845B7A495D1A4CA6169,SHA256=A95088251923F1233CA4F5675457D6D6B2A1601734D4B5451420298491864746,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171347Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-errorhandling-l1-1-1.dllMD5=E98BCC3FA25D6DB36D50786EF08DBADD,SHA256=7BDA00F42BE64BCC1022EC3000FE2582CDF4CC89083D868ACA9DCE982C98C52C,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171346Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.581{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-errorhandling-l1-1-0.dllMD5=14E8A42D84E459F617344438903680EE,SHA256=1FCB6E1908C13B5184373E83B3C13FCF96B55E4FBBC8AAF4D6E9DA604DB75848,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171345Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.566{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-delayload-l1-1-0.dllMD5=762D2E52FAFE433C50648FC23D7C3E76,SHA256=53238588E10FFAABA96C751D34181BA04A869A0474757E79D9FE82ABC3DC7CFE,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171344Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.566{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-debug-l1-1-1.dllMD5=1652E7B742F30832826B48E62485BFC7,SHA256=0362AFCDFB6CA89CDEE0DACEC94A5E45D6910B5337343149007DE2443050D154,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171343Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.566{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-debug-l1-1-0.dllMD5=E02F6786930435C736D71E9B6B898773,SHA256=4C0F43EAC3834878F16175B17427C0195A3213B7CDF9702447667D703AA29B54,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171342Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.566{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-datetime-l1-1-1.dllMD5=78876D83AA27E510EC3DC3355D034B92,SHA256=44A696C4626AF85EA565D651D7FAF5E21B6EB0C6EE47EE93419D8A7BAD565278,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171341Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.566{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-datetime-l1-1-0.dllMD5=CF9560A4450AC70C51866581802AE8CC,SHA256=A7A23DC37F028D38D2836CE881FCFF1FD066538588B207BBBCC3B1AB96E3AB62,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171340Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.566{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-console-l1-1-0.dllMD5=893E267BD0B91FADAC2A2BAE70FD0400,SHA256=17D17AC0383117E9A14D7687ECAA3B27AF1C71B89687A5C3E5B8761B2E64EDFC,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171339Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.566{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-comm-l1-1-0.dllMD5=C7EC73197892D7F63059C10D19BD5D90,SHA256=768E17ED08111FD22BAAC8FAC00C7DD87F0E57FEFCDAC58CE04B868528B2FDFC,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171338Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.566{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-core-com-l1-1-0.dllMD5=08A5A3129DCB52F3C4E51EE3C4A827E7,SHA256=3C6549832275052BCC2234CC4433D95407800ED65359F5147C4762EE0C71F712,IMPHASH=00000000000000000000000000000000truetrue 23542300x8000000000000000171337Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.566{D8DCB3A2-A29C-60D0-7A10-00000000D001}1900ATTACKRANGE\AdministratorC:\Windows\System32\WindowsPowerShell\v1.0\powershell.exeC:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\api-ms-win-base-util-l1-1-0.dllMD5=29CD6DDC6BADE9098B9A4402C6336D62,SHA256=B97C475AA8241C9B674E8C51C387AFAAA7977B036D9E2F7FAFB6CACC11D985BE,IMPHASH=00000000000000000000000000000000truetrue 534500x8000000000000000171336Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.565{D8DCB3A2-A29D-60D0-8A10-00000000D001}4184C:\Users\ADMINI~1\AppData\Local\Temp\2E384262-0FE2-4318-9174-FE2CD63C0953\DismHost.exe 10341000x8000000000000000171335Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.163{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171334Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.163{D8DCB3A2-A29D-60D0-8C10-00000000D001}34801992C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe+3611|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9 10341000x8000000000000000171333Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.163{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d8e0d7|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df 10341000x8000000000000000171332Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.163{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 10341000x8000000000000000171331Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.152{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171330Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:10.152{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000171486Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:11.697{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=61C9A40E04847144C0966BA0CEEEC760,SHA256=94ADC4E6EDF5CF629BCC22D8B05DB57B6F33900C081F2F075A89A521A849BCB8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000171485Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:09.126{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50803-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000171484Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:11.163{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-PowerShell_OperationalMD5=9790551047680A6DF25639F90A010A81,SHA256=D8BF652F792FEDC8B287207E66CE043FF65A260A6A720D5590723CFAF514344C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171483Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:11.163{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=D6FA66B2470FD922682BD251DA288402,SHA256=F769E3AFF80AA8E418490822BE2603ABD02500CA4F087810CE26E59A640631B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171490Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:12.742{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9076215283FFA356DCEC41C70ACDC1BE,SHA256=1C395491D536A7E00E9F6302D34A436348F1FFEA2E121BA4239288532923B8BF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171489Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:12.711{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171488Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:12.695{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171487Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:12.695{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000171493Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:13.826{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E1FE9ACEC5FC7D9A30F3D9DC0FD3DA6,SHA256=143D64A44CE4091E3C7050D521FE682E9603517DECA6420E576D4389CC8D5DD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171492Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:13.742{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=F1014EE0E46D649ECBBBEDAAEF72C130,SHA256=82EDABB4EECCFCA77C39A674B6FE078011DB956A688FFC58A92FA95776AFCAD8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171491Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:13.211{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.sqlite-shmMD5=9FC0E691F7AB817E9F16FB56F6578469,SHA256=A7EBF8D7225B7AD510273219CCEAC58E74C7AFACA244A3EC4C991A0177036240,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171496Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:14.845{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6004E23727B6C78E0EAD391E647943B,SHA256=6CE6A0E5F15202D224711D41A3597D0A29646262D0AAD93E0BB173B7DA507A4E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171495Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:14.341{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 10341000x8000000000000000171494Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:14.341{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 23542300x8000000000000000171505Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.862{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=30996220B282DC39BAE5D4C02942BF0C,SHA256=2BD2E79A99CF6666E723513F1F4F683037381A340111F4762FF9177EA763A2DB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171504Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.760{D8DCB3A2-A29D-60D0-8E10-00000000D001}43884456C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171503Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.641{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65 10341000x8000000000000000171502Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.641{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d 10341000x8000000000000000171501Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.641{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+1699a9f|C:\Program Files\Mozilla Firefox\xul.dll+682850|C:\Program Files\Mozilla Firefox\xul.dll+1794342|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71|C:\Program Files\Mozilla Firefox\xul.dll+2bc01e4|C:\Program Files\Mozilla Firefox\xul.dll+617841|C:\Program Files\Mozilla Firefox\xul.dll+2d82c0e|C:\Program Files\Mozilla Firefox\xul.dll+2d87ef0|C:\Program Files\Mozilla Firefox\xul.dll+2d87d65|C:\Program Files\Mozilla Firefox\xul.dll+2d878e7|C:\Program Files\Mozilla Firefox\xul.dll+2d8739a|C:\Program Files\Mozilla Firefox\xul.dll+2d8806f 10341000x8000000000000000171500Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.641{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+11fbaa1|C:\Program Files\Mozilla Firefox\xul.dll+122d049|C:\Program Files\Mozilla Firefox\xul.dll+122cf69|C:\Program Files\Mozilla Firefox\xul.dll+122a7e0|C:\Program Files\Mozilla Firefox\xul.dll+122acf4|C:\Program Files\Mozilla Firefox\xul.dll+16b38b1|C:\Program Files\Mozilla Firefox\xul.dll+681749|C:\Program Files\Mozilla Firefox\xul.dll+681654|C:\Program Files\Mozilla Firefox\xul.dll+68143d|C:\Program Files\Mozilla Firefox\xul.dll+681044|C:\Program Files\Mozilla Firefox\xul.dll+1794323|C:\Program Files\Mozilla Firefox\xul.dll+1794274|C:\Program Files\Mozilla Firefox\xul.dll+67fade|C:\Program Files\Mozilla Firefox\xul.dll+1790b67|C:\Program Files\Mozilla Firefox\xul.dll+179ae08|C:\Program Files\Mozilla Firefox\xul.dll+178ee56|C:\Program Files\Mozilla Firefox\xul.dll+178f333|C:\Program Files\Mozilla Firefox\xul.dll+300396d|C:\Program Files\Mozilla Firefox\xul.dll+6439ad|C:\Program Files\Mozilla Firefox\xul.dll+63a0b2|C:\Program Files\Mozilla Firefox\xul.dll+2bc0d71 10341000x8000000000000000171499Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.241{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171498Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.226{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171497Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.226{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000171509Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:16.893{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B48E22633461BD96EC82919AD4CF2489,SHA256=CA7E426556634E3E85DC897FA0AAF30B782D6F3C7F57A09E3DEB3A4D4A11EA2D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000171508Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.049{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50804-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000171507Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:16.259{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=0E9C1ADB40FDAEBAF27B24CB68879E97,SHA256=F0CB80EA23132EDD321176421E8DA9AE219D6C88A61E6B53DED40144D3910718,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171506Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:16.141{D8DCB3A2-A29D-60D0-8E10-00000000D001}43884456C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29E-60D0-8F10-00000000D001}5420C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\firefox.exe+2cea0|C:\Program Files\Mozilla Firefox\firefox.exe+2c9f3|C:\Program Files\Mozilla Firefox\firefox.exe+40d00|C:\Program Files\Mozilla Firefox\firefox.exe+409fc|C:\Windows\SYSTEM32\ntdll.dll+7f60d|C:\Windows\SYSTEM32\ntdll.dll+3a7f0|C:\Windows\SYSTEM32\ntdll.dll+1ed03|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000171514Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:17.923{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F377195BA50CA00B561299894F3C00A5,SHA256=FFA2A35EB39F37D258D762358C012838CA388F09E04E0CA8260A087224990307,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171513Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:17.761{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171512Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:17.757{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171511Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:17.757{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 22542200x8000000000000000171510Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:15.594{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388google.com10054-C:\Program Files\Mozilla Firefox\firefox.exe 23542300x8000000000000000171516Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:18.971{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9A869AF71A83B67AE338B559F1378C06,SHA256=2058CEA703182C4DF5FA2709F1BF28B21FA868B06233308D7F3807B7CB47214E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171515Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:18.792{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=A5B68503D04D13B41970EBB30D3E282F,SHA256=08828DC2AD6004780684233C6958E8E68A1CCDC5292F658A0A26206C72A9C502,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171591Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.560{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171590Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.560{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2B7-60D0-9E10-00000000D001}6928C:\Program Files\Mozilla Firefox\pingsender.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171589Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.560{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2B7-60D0-9E10-00000000D001}6928C:\Program Files\Mozilla Firefox\pingsender.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171588Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.560{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000171587Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.538{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\glean\db\data.safe.binMD5=0740E3DB4A1F45B6F84885CAEC4A343C,SHA256=86ADDBDBC7D41EF76682C4F2B5FAAF2DEB5863E8279CB92A5569FD454CE8040C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171586Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.538{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2B7-60D0-9C10-00000000D001}6860C:\Program Files\Mozilla Firefox\pingsender.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171585Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.538{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2B7-60D0-9C10-00000000D001}6860C:\Program Files\Mozilla Firefox\pingsender.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171584Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.522{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000171583Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.522{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B67B8C0BE90154F9FD1F38C4F30C2C1,SHA256=BA49553401F26468B7C6BC6CED04DEAE75FC89230722A0BEF61620B387117443,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171582Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.522{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A2B7-60D0-9F10-00000000D001}6940C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171581Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.522{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2B7-60D0-9F10-00000000D001}6940C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171580Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.507{D8DCB3A2-A2B7-60D0-9F10-00000000D001}69406976C:\Windows\system32\conhost.exe{D8DCB3A2-A2B7-60D0-9E10-00000000D001}6928C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171579Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.507{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2B7-60D0-9A10-00000000D001}6832C:\Program Files\Mozilla Firefox\pingsender.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171578Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.507{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2B7-60D0-9A10-00000000D001}6832C:\Program Files\Mozilla Firefox\pingsender.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171577Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.491{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A2B7-60D0-9F10-00000000D001}6940C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 23542300x8000000000000000171576Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.491{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\aborted-session-pingMD5=646A678C23E4839CA2767F10C473BB57,SHA256=DEE755AB4AA73216DBF68CB7D68F8B10069212474AAC222B7B838FEAF085ED7E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171575Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.491{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A2B7-60D0-9D10-00000000D001}6876C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171574Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.476{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2B7-60D0-9D10-00000000D001}6876C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171573Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.476{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171572Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.476{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171571Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.476{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171570Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.476{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171569Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.476{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A2B7-60D0-9E10-00000000D001}6928C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171568Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.476{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2B7-60D0-9E10-00000000D001}6928C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+dacfbf|C:\Program Files\Mozilla Firefox\xul.dll+dacdd5|C:\Program Files\Mozilla Firefox\xul.dll+dace21|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+3be061b|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3cc9fa|C:\Program Files\Mozilla Firefox\xul.dll+1b88c0e|C:\Program Files\Mozilla Firefox\xul.dll+d2773b|C:\Program Files\Mozilla Firefox\xul.dll+3ca586|C:\Program Files\Mozilla Firefox\xul.dll+4046a|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3 154100x8000000000000000171567Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.485{D8DCB3A2-A2B7-60D0-9E10-00000000D001}6928C:\Program Files\Mozilla Firefox\pingsender.exe89.0.1-FirefoxMozilla Foundationpingsender.exe"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/0038ff1c-88bb-4a08-8117-9aa50bb1935f/main/Firefox/89.0.1/release/20210614221319?v=4 C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\saved-telemetry-pings\0038ff1c-88bb-4a08-8117-9aa50bb1935fC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=33D6759C45A7DB0673D0D5E5F75012AC,SHA256=0815D2E94B8F61F13B73CA541F837267DF29DE4D5BC3E882A751155D4057F1E9,IMPHASH=AF27FA7223A9B6FE80447A0E6715E632{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000171566Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.476{D8DCB3A2-A2B7-60D0-9D10-00000000D001}68766908C:\Windows\system32\conhost.exe{D8DCB3A2-A2B7-60D0-9C10-00000000D001}6860C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171565Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A2B7-60D0-9B10-00000000D001}6844C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171564Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2B7-60D0-9B10-00000000D001}6844C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171563Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A2B7-60D0-9D10-00000000D001}6876C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171562Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-A2B7-60D0-9B10-00000000D001}68446884C:\Windows\system32\conhost.exe{D8DCB3A2-A2B7-60D0-9A10-00000000D001}6832C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171561Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171560Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171559Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171558Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171557Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A2B7-60D0-9C10-00000000D001}6860C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171556Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.460{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2B7-60D0-9C10-00000000D001}6860C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+dacfbf|C:\Program Files\Mozilla Firefox\xul.dll+dacdd5|C:\Program Files\Mozilla Firefox\xul.dll+dace21|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+3be061b|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3cc9fa|C:\Program Files\Mozilla Firefox\xul.dll+1b88c0e|C:\Program Files\Mozilla Firefox\xul.dll+d2773b|C:\Program Files\Mozilla Firefox\xul.dll+3ca586|C:\Program Files\Mozilla Firefox\xul.dll+4046a|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3 154100x8000000000000000171555Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.462{D8DCB3A2-A2B7-60D0-9C10-00000000D001}6860C:\Program Files\Mozilla Firefox\pingsender.exe89.0.1-FirefoxMozilla Foundationpingsender.exe"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/e502362f-0590-4231-ba48-6a2f9c68183b/health/Firefox/89.0.1/release/20210614221319?v=4 C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\saved-telemetry-pings\e502362f-0590-4231-ba48-6a2f9c68183bC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=33D6759C45A7DB0673D0D5E5F75012AC,SHA256=0815D2E94B8F61F13B73CA541F837267DF29DE4D5BC3E882A751155D4057F1E9,IMPHASH=AF27FA7223A9B6FE80447A0E6715E632{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 10341000x8000000000000000171554Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.458{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A2B7-60D0-9B10-00000000D001}6844C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171553Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.454{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171552Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.438{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171551Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.438{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171550Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.438{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171549Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.438{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A2B7-60D0-9A10-00000000D001}6832C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171548Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.438{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2B7-60D0-9A10-00000000D001}6832C:\Program Files\Mozilla Firefox\pingsender.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\Mozilla Firefox\xul.dll+dacfbf|C:\Program Files\Mozilla Firefox\xul.dll+dacdd5|C:\Program Files\Mozilla Firefox\xul.dll+dace21|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+3be061b|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3cc9fa|C:\Program Files\Mozilla Firefox\xul.dll+1b88c0e|C:\Program Files\Mozilla Firefox\xul.dll+d2773b|C:\Program Files\Mozilla Firefox\xul.dll+3ca586|C:\Program Files\Mozilla Firefox\xul.dll+4046a|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3 154100x8000000000000000171547Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.452{D8DCB3A2-A2B7-60D0-9A10-00000000D001}6832C:\Program Files\Mozilla Firefox\pingsender.exe89.0.1-FirefoxMozilla Foundationpingsender.exe"C:\Program Files\Mozilla Firefox\pingsender.exe" https://incoming.telemetry.mozilla.org/submit/telemetry/9815869a-8e9c-40b0-b217-c6217aa5f4bd/event/Firefox/89.0.1/release/20210614221319?v=4 C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\saved-telemetry-pings\9815869a-8e9c-40b0-b217-c6217aa5f4bdC:\Program Files\Mozilla Firefox\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2MediumMD5=33D6759C45A7DB0673D0D5E5F75012AC,SHA256=0815D2E94B8F61F13B73CA541F837267DF29DE4D5BC3E882A751155D4057F1E9,IMPHASH=AF27FA7223A9B6FE80447A0E6715E632{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe"C:\Program Files\Mozilla Firefox\firefox.exe" 23542300x8000000000000000171546Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.407{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\ProgramData\Mozilla\uninstall_ping_308046B0AF4A39CB_49112669-7057-4a07-b764-51fa1145c0d6.jsonMD5=4DD0CAEDEBF394FC228F588F1A37D4BC,SHA256=72600CDBD32328133F609021F5F7F9E6778D6717DAD8F5AB066D62557B0DC05E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171545Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.376{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\datareporting\session-state.jsonMD5=B08C46B12EC383AA9C3C962AF208E838,SHA256=08FF3262D269FE70E707D3E2DE35AE63B67B40CE77F2529A60ED05DE44930E3D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171544Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.355{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-walMD5=96A631EFBE9E68589198FB3D6FFF8366,SHA256=555CD90105C08351B9A6CA25126A8323A56564432C3B230296DDF9D7B1883C02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171543Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.354{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.sqlite-shmMD5=DE6FEFD64A2B0FAF2674C088E4680A61,SHA256=51896FDE08CE24F917357FE3456B6368E2D66921DF4D1D9D59AADB9FF6B7F097,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171542Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.338{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171541Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.338{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\xulstore.jsonMD5=05E1DDB4298BE4C948C3AE839859C3E9,SHA256=1C2C5D5211674C3C8473E0589085499471399E53E9A85D7DD3B075FEF6CBB6BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171540Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.338{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\webappsstore.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171539Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.323{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\cookies.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171538Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.323{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\favicons.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171537Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.323{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\places.sqlite-shmMD5=B7C14EC6110FA820CA6B65F5AEC85911,SHA256=FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171536Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.307{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29dad8c|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2b46ad|C:\Program Files\Mozilla Firefox\xul.dll+3bdd62a|C:\Program Files\Mozilla Firefox\xul.dll+3b24133|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 10341000x8000000000000000171535Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.307{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29f4ed9|C:\Program Files\Mozilla Firefox\xul.dll+29dad8c|C:\Program Files\Mozilla Firefox\xul.dll+4e71ba2|C:\Program Files\Mozilla Firefox\xul.dll+14a89f1|C:\Program Files\Mozilla Firefox\xul.dll+14aa8a3|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+2b4f2c|C:\Program Files\Mozilla Firefox\xul.dll+2b46ad|C:\Program Files\Mozilla Firefox\xul.dll+3bdd62a|C:\Program Files\Mozilla Firefox\xul.dll+3b24133|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 11241100x8000000000000000171534Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.307{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\SiteSecurityServiceState.txt2021-06-21 14:30:30.385 23542300x8000000000000000171533Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.307{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\SiteSecurityServiceState.txtMD5=2DD29942B65088A0A109ECC5E7C0CF68,SHA256=FE24548702100615FE016FA0F75270EFF9984DCA224F02F56D8A16F890F00B6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171532Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.307{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171531Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.307{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\fkt9u72t.default-release\cache2\ce_T151c2VyQ29udGV4dElkPTUsYSw=MD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171530Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.307{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\fkt9u72t.default-release\cache2\ce_T151c2VyQ29udGV4dElkPTUsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171529Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.291{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Local\Mozilla\Firefox\Profiles\fkt9u72t.default-release\startupCache\startupCache.8.littleMD5=94B070311BCC0202BEC9354C04F4E2E2,SHA256=29F0458A44737C4398F44D6D8CF42B0179CCFB1924E8DFC69C48BEFEEAF1CF42,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171528Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.276{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388C:\Program Files\Mozilla Firefox\firefox.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+1a375|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171527Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.260{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 10341000x8000000000000000171526Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.260{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 10341000x8000000000000000171525Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.260{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 10341000x8000000000000000171524Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.260{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 10341000x8000000000000000171523Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.260{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A6-60D0-9910-00000000D001}6384C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 10341000x8000000000000000171522Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.260{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+3ec001|C:\Program Files\Mozilla Firefox\xul.dll+121294e|C:\Program Files\Mozilla Firefox\xul.dll+12b34e8|C:\Program Files\Mozilla Firefox\xul.dll+29f9092|C:\Program Files\Mozilla Firefox\xul.dll+4788db|C:\Program Files\Mozilla Firefox\xul.dll+1c3f074|C:\Program Files\Mozilla Firefox\xul.dll+159862|C:\Program Files\Mozilla Firefox\xul.dll+105143|C:\Program Files\Mozilla Firefox\xul.dll+3b236e3|C:\Program Files\Mozilla Firefox\xul.dll+1055ba|C:\Program Files\Mozilla Firefox\xul.dll+1b5fb0|UNKNOWN(000001C79D931E84) 23542300x8000000000000000171521Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.260{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\sessionstore-backups\recovery.jsonlz4MD5=3E26B0CDE8A23DEFC23EFCF02D8E3384,SHA256=422DDA764FBBE61F5EB96CD252AA550C0D38C190751896CDEFC06F4D8FB02924,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171520Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.260{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\sessionstore-backups\recovery.baklz4MD5=3E31592036E7168AA81C15D75B2A1C0C,SHA256=455030ED72240DDA8AA01849405255CF671A00322108CE21C1C7D53EDD83FF20,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171519Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.259{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A2A0-60D0-9210-00000000D001}5192C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29fac87|C:\Program Files\Mozilla Firefox\xul.dll+daa3a9|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171518Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.255{D8DCB3A2-A29D-60D0-8E10-00000000D001}43883504C:\Program Files\Mozilla Firefox\firefox.exe{D8DCB3A2-A29F-60D0-9010-00000000D001}108C:\Program Files\Mozilla Firefox\firefox.exe0x2200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\Mozilla Firefox\xul.dll+51ef0|C:\Program Files\Mozilla Firefox\xul.dll+29fb17d|C:\Program Files\Mozilla Firefox\xul.dll+29fac87|C:\Program Files\Mozilla Firefox\xul.dll+daa3a9|C:\Program Files\Mozilla Firefox\xul.dll+da2669|C:\Program Files\Mozilla Firefox\xul.dll+400e9|C:\Program Files\Mozilla Firefox\xul.dll+1228f8e|C:\Program Files\Mozilla Firefox\xul.dll+12015df|C:\Program Files\Mozilla Firefox\xul.dll+3f4be|C:\Program Files\Mozilla Firefox\xul.dll+3c58d8|C:\Program Files\Mozilla Firefox\xul.dll+3c450f|C:\Program Files\Mozilla Firefox\xul.dll+39dc77a|C:\Program Files\Mozilla Firefox\xul.dll+3a79667|C:\Program Files\Mozilla Firefox\xul.dll+3a7abe9|C:\Program Files\Mozilla Firefox\xul.dll+3f13|C:\Program Files\Mozilla Firefox\firefox.exe+1594|C:\Program Files\Mozilla Firefox\firefox.exe+4c468|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000171517Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:19.238{D8DCB3A2-A29D-60D0-8E10-00000000D001}4388ATTACKRANGE\AdministratorC:\Program Files\Mozilla Firefox\firefox.exeC:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\fkt9u72t.default-release\prefs-1.jsMD5=D41D8CD98F00B204E9800998ECF8427E,SHA256=E3B0C44298FC1C149AFBF4C8996FB92427AE41E4649B934CA495991B7852B855,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171604Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.669{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A61C7A598D2F0548CDF301EB78E54024,SHA256=71781DB82E7E4F2C03E679A0EC9B09B84B1AB2E5C13B46950801A44D235F3CB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171603Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.669{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=FB8332E4182B32EAA8CE57B163690788,SHA256=234B35BA662E82456C95526E11A8E682805D0D36F73CB2FD63CB1C6F37D65653,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171602Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.405{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171601Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.405{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171600Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.388{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171599Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.388{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171598Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.388{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171597Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.388{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171596Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.388{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171595Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.294{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171594Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.278{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171593Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.278{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000171592Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.185{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E9CCBAD964D9CF35087397D1BB9C0CB6,SHA256=5A3E6B6E8B5F2CF2F43CDDF44AA4A26960879E6F77897560EB0EFDE4EF23EE51,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171614Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:21.544{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171613Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:21.544{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171612Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:21.544{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171611Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:21.544{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171610Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:21.544{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171609Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:21.544{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171608Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:21.544{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000171607Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:21.310{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=F460667CD7EEA380C13F39ED1A252FD6,SHA256=56FECF0B7B27AE0F15A1269F9F636930B8C4EF8F087DED327855CAE8029518B3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000171606Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.154{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50805-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000171605Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:21.200{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1C984A5BA1DA33087820FC90797C7DEA,SHA256=94FC269F912CEBD0CD0614021AEE4A5CA3BF523DBD2E654478C298AFD991F8DA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171619Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:22.825{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171618Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:22.810{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171617Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:22.810{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 354300x8000000000000000171616Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:20.280{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMudptruefalse10.0.1.14win-dc-385.attackrange.local137netbios-nsfalse10.0.1.1ip-10-0-1-1.eu-central-1.compute.internal137netbios-ns 23542300x8000000000000000171615Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:22.216{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=962A93C2023859D49A113BA9C1480A52,SHA256=E36CA525E545EFD11D3C6EE417122CB5C61734E30F4585DB16F97FE9511AE254,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171628Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:23.857{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=52DAA864096D004FB7A2CCF61453F484,SHA256=840166805947EFE38AD54B656E6746963112128EAE833C1D49A1B39052DDC049,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171627Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:23.513{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A10E-60D0-A80F-00000000D001}5012C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171626Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:23.513{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A10E-60D0-A80F-00000000D001}5012C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171625Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:23.513{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A10E-60D0-A80F-00000000D001}5012C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171624Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:23.513{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A10E-60D0-A90F-00000000D001}2304C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171623Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:23.513{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A10E-60D0-A90F-00000000D001}2304C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171622Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:23.513{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A10E-60D0-A90F-00000000D001}2304C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171621Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:23.513{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A10E-60D0-A90F-00000000D001}2304C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000171620Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:23.419{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=10CDD1E020F13F378B239CE9A53DB70A,SHA256=9C2EF1220B8728ED7EC0939284EF7AB21C63C3AB51E05F2A6D999FE776FAFF73,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171630Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:24.825{D8DCB3A2-4534-60D0-1100-00000000D001}404NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=7DC0EBA803D877510E37084196101AC9,SHA256=E99A193C32BC73256F71BFFF341EA8AFEE0AD2A73BCBBDB490F136961F7CBD0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171629Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:24.482{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F4BE5D1FF2593B35D5802607C9073299,SHA256=3648EB704D574BD1775CC677FA43D76EDA224D4EA5EEFB8F0D8BF0E627D5792A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171634Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:25.497{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A36A2F5C388922E5ED0966F23BB91367,SHA256=4F2D95EB6616983B6AB39C965AD474976DD17AF430E7C77A0599BEC62296A723,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171633Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:25.357{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171632Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:25.341{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171631Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:25.341{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000171637Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:26.513{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=674883657254F5B80409D9DDC339F94E,SHA256=5625A702D57D0652A0070C0A6AD7CE4CB66C38DE80FD73FD687E9C0BBE7130B6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000171636Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:25.217{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50807-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000171635Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:26.357{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=650C37F98D3194269313AC055634D56F,SHA256=2492BEC9383A60DB5C790E843034358B63546E866F96E1472454EA8FEFA4BB02,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171641Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:27.888{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000171640Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:27.872{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000171639Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:27.872{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000171638Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:27.544{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CD6E32F51D1AA8F70EC8E1235A9783ED,SHA256=F17CE0C49E83358D4C48F55C11582AD1D79FCE141955060A7FC555E902738CF8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171868Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.982{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOPrivate\UpdateStore\updatestore51b519d5-b6f5-4333-8df6-e74d7c9aead4.xmlMD5=9608F77DB2512D1A4AE34FF96B1D8AA1,SHA256=A3B3589CD8B4CD1AC47043DB0FE3412274A1CEE764B558B44FFD8FA0D85B1066,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171867Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.982{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\git.2.32.0\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.982 23542300x8000000000000000171866Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.966{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\git.2.32.0\.argumentsMD5=CA19F80971E26BE384996F690D0D250E,SHA256=11489F31B761FEA057570062F8A18EB2F8C367972ADDABA961B5CD2D0E2CF079,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171865Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.966{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.966 23542300x8000000000000000171864Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.966{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Diagnosis\ETLLogs\AutoLogger\AutoLogger-Diagtrack-Listener.etlMD5=C7DD7FF095DB32CFEA8586735A397FA3,SHA256=87A6388338FFA5C94A31687325F3BA5D92DFF53DDB9047B0CD7A35DD3372768D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171863Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.950{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-AvailableDriveLetter.ps1MD5=2F386746AFC2ACB9561DFB245239B93F,SHA256=4BAEDDD946417D9AA51FF7D50791289FF102CCDF4EFE086C2653E15C711D6505,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171862Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.950{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\USOPrivate\UpdateStore\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.950 23542300x8000000000000000171861Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.950{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOPrivate\UpdateStore\UpdateCspStore.xmlMD5=B4FCCF94BE262AEBAB7E6C18FB733E02,SHA256=CDAF690C2F250118E47B03CC9E653F4E521F6EDF3C2013F0A23FC676E39BA9FC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171860Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.950{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\git.install.2.32.0\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.950 23542300x8000000000000000171859Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.950{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\git.install.2.32.0\.argumentsMD5=7D611176744F1C38B0E2935E4D81C606,SHA256=66641828467AA9295EA0C50178F6DDCB55371A4AFF0442B4F07B0B6F414CDEC7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171858Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.935{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-AppInstallLocation.ps1MD5=D036C97BC50A3731BF69A15417F60E72,SHA256=0FFB210BD76AB0214F5AC2361108A6303CED5DEBBF04B62D3C99042F799718BC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171857Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.935{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.935 23542300x8000000000000000171856Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.935{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\Firefox.89.0.1\.registryMD5=F43842024A3E936B93D42E73AD3013E7,SHA256=27E8097DBD74B4C687BC77D5728E8F784F27A16E7D137D68B89DBF9258E53AD2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171855Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.919{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\chocolatey-core.extension.1.3.5.1\.filesMD5=EB68AD528947DBF71237391394F294D3,SHA256=D7298BBD46BC9A5CE5CA1064C7DB1C63A0225A2F2D0D2329E8C1C1F58FF76E1D,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171854Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.919{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\en-US\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.919 11241100x8000000000000000171853Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.919{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Package Cache\{20b0b626-5984-4e9d-8bec-73647e598358}\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.919 23542300x8000000000000000171852Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.903{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Package Cache\{20b0b626-5984-4e9d-8bec-73647e598358}\state.rsmMD5=F78A97F4B1D071FF63E57711C97304CD,SHA256=2898749E47CAB337F5D8F40DE7737AD8D4A04E0CC60141B94A4A6A127979AB1A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171851Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.903{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.903 23542300x8000000000000000171850Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.903{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\chocolatey-core.psm1MD5=8007E67FDE249548DBF78D1DC8AFDCCC,SHA256=376E6EDA567DDDD6AA70CFC9EC5380CE0EB1383BE83C2FBDC87F6FC79252E4E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171849Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.903{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=0C7C6A553A9A5029B10ABF8330F5E89A,SHA256=91F3FFAEE303E821E2CB1D820DF7E8C64123E39B0F8914E03EA623B6B86A2D69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171848Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.903{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\Firefox.89.0.1\.filesMD5=D8271D6E25B4B5F4D4AFA8C696F7CA6E,SHA256=C5447BEBDB3C35330CDFAC740CF8010144C08D6C08F88EBCDF9FF9DEF0364FC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171847Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.888{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\utc.app.jsonMD5=0CF4AB1504A90C3D463D04060A216D34,SHA256=90901E092A9F284E33516B19C356B96E4CC66F6A22439085AF96D39FB2BD6F3A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171846Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.888{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\regid.1991-06.com.microsoft\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.888 23542300x8000000000000000171845Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.888{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\regid.1991-06.com.microsoft\regid.1991-06.com.microsoft_Windows-Server-2016-Datacenter.swidtagMD5=50E79797770B14E79893EE24A4283647,SHA256=7234E7618FFD92AABC1349DFD1A795D702424D6F7803D8B0593F39E3EC9A3730,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171844Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.872{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\config\chocolatey.config.backupMD5=33B992C71B880475476CFD32FCD8076B,SHA256=959B7AE2E76994C45E5953A5E410D08705A05D763FBC42FE604D8C12F74CC5A8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171843Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.872{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\Firefox.89.0.1\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.872 23542300x8000000000000000171842Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.872{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\Firefox.89.0.1\.argumentsMD5=F68FD3949910DD09F2E02BFA73539079,SHA256=ED64C88E974B14545C74124DFE15F261466CE34AB9FE192BD565F4DC9564EA27,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171841Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.872{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\chocolatey-core.extension.1.3.5.1\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.872 23542300x8000000000000000171840Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.872{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\chocolatey-core.extension.1.3.5.1\.argumentsMD5=EEEA1EEBF274FE4AC3C661F43016CBCB,SHA256=9948DE4BD06B595524FB2812DCA0EA70F7E25E70C5A14CC1F60C0E17C5F96244,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171839Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.857{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Package Cache\{09259595-ce26-4705-b47e-59d9e3ccebb9}\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.857 23542300x8000000000000000171838Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.857{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Package Cache\{09259595-ce26-4705-b47e-59d9e3ccebb9}\state.rsmMD5=526D4CB9F8A277318FF47CE1204B800D,SHA256=3E4A9C494CD6C46A146B52E8E2DE943484E88AE8295CA50CE3F8E42878C076A4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171837Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.857{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\7zip.install.19.0\.registryMD5=F8565029A0E4BABD421F748D957B4D63,SHA256=16631F91AA31ED7A441479E47C03E3CC263DEF737CC4BABA462503849F96D0B1,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171836Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.841{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.841 23542300x8000000000000000171835Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.841{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Diagnosis\DownloadedSettings\telemetry.ASM-WindowsDefault.jsonMD5=11E0AEA474B9F39C06B30B28C9D1E2A3,SHA256=DBA1F9BCF2D639CD89EFE17CB538C1672077F94E9BFDAAA714FCE07F2353DF2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171834Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.841{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\Download\update\8de4ea7c3f1cf9a3734c1bf2ab7ee1f7e1b827c6.etagMD5=AB87DA453FC9B0149FF7F94BB33CBDC4,SHA256=45DE49BC6FAB554F61993E4CBA544819DB9E9DD9D009F892237E1C97292CACA6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171833Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.825{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Default\Searches\Indexed Locations.search-msMD5=B6ACBEB59959AA5412A7565423EA7BAB,SHA256=99653A38C445AE1D4C373EE672339FD47FD098E0D0ADA5F0BE70E3B2BF711D38,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171832Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.825{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=235E190CE6F74DB21B813FB00A47233C,SHA256=0B59584D29D8097B8E7B86391EFDF3DF77EFB66C192FD831F2468B30CAB98AD3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171831Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.825{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\Update\amazon-ssm-agent\3.0.529.0\uninstall.ps1MD5=D4F135D3A8A2A6ECC73F4D6A1E44BDA4,SHA256=AEB6E29E3BF2ABF54E1B9861DF319E3319A4DD815D38AE0A84EB2E47E535026E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171830Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.810{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\Update\amazon-ssm-agent\3.0.529.0\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.810 23542300x8000000000000000171829Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.810{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\Update\amazon-ssm-agent\3.0.529.0\install.ps1MD5=62562B69FA974177A243DFA20693399B,SHA256=4A74B1BCB4548F583525DD06F262C59683F83F88DA9DCAA74ECE1073BD1EE2CD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171828Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.798{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\config\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.798 23542300x8000000000000000171827Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.798{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b451dd7b75f0dbd1\document\orchestration\9f287b2e-6e6c-4bc1-988d-234d3e83de2a\awsrunPowerShellScript\0.awsrunPowerShellScript\stdoutConsoleMD5=4F57DA3A758FDBA4C2B14EE5805D0A81,SHA256=63A1B942CDE71B80B2941E7612D5825AE46C5471CD7BCC8DB62E3EE2EA9DE5F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171826Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.798{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\config\chocolatey.configMD5=78E591860832608EBC49DDDD9FC0E1DB,SHA256=CCB5F71CE184E151412A8F04144011BA4DA50371C20EF12778D276577F691F9A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171825Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.798{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\7zip.install.19.0\.filesMD5=FA2C79B3F61C62E55C44D4552A61CF49,SHA256=EEEAA274497232E8A9AF77AB595F656439A70B0E5C7EC7DD598350B732FA7E67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171824Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.778{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\Update\amazon-ssm-agent\3.0.1124.0\uninstall.ps1MD5=D4F135D3A8A2A6ECC73F4D6A1E44BDA4,SHA256=AEB6E29E3BF2ABF54E1B9861DF319E3319A4DD815D38AE0A84EB2E47E535026E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171823Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.763{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Device Stage\Task\{07deb856-fc6e-4fb9-8add-d8f2cf8722c9}\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.763 11241100x8000000000000000171822Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.747{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\Update\amazon-ssm-agent\3.0.1124.0\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.747 23542300x8000000000000000171821Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.747{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\Update\amazon-ssm-agent\3.0.1124.0\install.ps1MD5=62562B69FA974177A243DFA20693399B,SHA256=4A74B1BCB4548F583525DD06F262C59683F83F88DA9DCAA74ECE1073BD1EE2CD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171820Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.732{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b451dd7b75f0dbd1\document\orchestration\9f287b2e-6e6c-4bc1-988d-234d3e83de2a\awsrunPowerShellScript\0.awsrunPowerShellScript\stdoutMD5=4F57DA3A758FDBA4C2B14EE5805D0A81,SHA256=63A1B942CDE71B80B2941E7612D5825AE46C5471CD7BCC8DB62E3EE2EA9DE5F7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171819Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.732{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\Download\update\782538e7abf4f94d71cc3c4fd6b2b6082366fe9f.etagMD5=C225856CA0FC644F0824AE47815ADA7A,SHA256=CC460806DB3F93C50930F237F49A9CD26CE3C15D2405CA4BF9A21BB60833BA6A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171818Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.716{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Device Stage\Device\{8702d817-5aad-4674-9ef3-4d3decd87120}\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.716 11241100x8000000000000000171817Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDefaultUserModified2021-06-21 14:31:28.716{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Default\Searches\Indexed Locations.search-ms.reddot2021-06-21 14:31:28.716 23542300x8000000000000000171816Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.716{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\bin\_processed.txtMD5=29865ED837AFD9B09E6B48CD91F16D2F,SHA256=4683DE8078F986823135C5036253C89FFA2A98CE1DE537C624A3394320BD9CA4,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171815Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.716{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\7zip.install.19.0\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.716 23542300x8000000000000000171814Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.716{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\Logs\audits\amazon-ssm-agent-audit-2021-06-21MD5=44F753ABE72ABC39082473452A95DC62,SHA256=193C3A42C15E962D7C07FD50AE3F80C3B6A91300D0D4CD04C43E955662346E25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171813Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.716{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\7zip.install.19.0\.argumentsMD5=93B7B34AC1F5177D2F1BE688DB211933,SHA256=8CD7C997F1DF42DA2ED90124A3D7B157E94696D485EBC8F91EB7805B291680A7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171812Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.700{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\Download\update\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.700 23542300x8000000000000000171811Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.700{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b451dd7b75f0dbd1\document\orchestration\9f287b2e-6e6c-4bc1-988d-234d3e83de2a\awsrunPowerShellScript\0.awsrunPowerShellScript\stderrConsoleMD5=1003E0CC4D53E087177663C6CE28630B,SHA256=A2F5BD058B38FFA76288E5BD9A38212138896B1FC56D61D17F634E4B28EE8312,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171810Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDefaultUserModified2021-06-21 14:31:28.700{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Default\Searches\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.700 23542300x8000000000000000171809Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.700{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Default\Searches\Everywhere.search-msMD5=0FA26B6C98419B5E7C00EFFFB5835612,SHA256=4094D158E3B0581BA433A46D0DCE62F99D8C0FD1B50BB4D0517DDC0A4A1FDE24,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171808Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.685{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\7zip.19.0\.filesMD5=DA91DD086795F1C0D37FF9B1C8028427,SHA256=96C0084441CE2460FD6D3AF6ED82170BFA6B4206913E161907675A6D9DB6BC8E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171807Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.669{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b451dd7b75f0dbd1\document\orchestration\9f287b2e-6e6c-4bc1-988d-234d3e83de2a\awsrunPowerShellScript\0.awsrunPowerShellScript\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.669 23542300x8000000000000000171806Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.669{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b451dd7b75f0dbd1\document\orchestration\9f287b2e-6e6c-4bc1-988d-234d3e83de2a\awsrunPowerShellScript\0.awsrunPowerShellScript\stderrMD5=1003E0CC4D53E087177663C6CE28630B,SHA256=A2F5BD058B38FFA76288E5BD9A38212138896B1FC56D61D17F634E4B28EE8312,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171805Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.669{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\bin\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.669 23542300x8000000000000000171804Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.669{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\bin\RefreshEnv.cmdMD5=B4326546C3A252494DCD512976F8B89A,SHA256=9B251737A6B6ACE9FDE45B64FD653B04575C6416F15112FBE1697A47B14990E6,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171803Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDefaultUserModified2021-06-21 14:31:28.653{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Default\Searches\Everywhere.search-ms.reddot2021-06-21 14:31:28.653 11241100x8000000000000000171802Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.638{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Public\Libraries\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.638 23542300x8000000000000000171801Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.638{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Public\Libraries\RecordedTV.library-msMD5=E82838FFF7C5AB5FC7D753B3DEE5C017,SHA256=8D418896F5A3390A1F49E714F407995D8504C638F45ED606138656787AD2B250,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171800Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.638{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\Logs\audits\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.638 23542300x8000000000000000171799Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.638{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\Logs\audits\amazon-ssm-agent-audit-2021-06-18MD5=962F18122307CE59E348D1C24BA3D52C,SHA256=CF204781FCB2721F9EE70D3B2117B8291CFF8869C3B89DCA17E0FA2F07AB21B0,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171798Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.622{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\7zip.19.0\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.622 23542300x8000000000000000171797Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.622{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\7zip.19.0\.argumentsMD5=6B383026FD93EAF5C6F7A6BEB279C6E0,SHA256=58BF4EE72F734108F300BB4B2BE56F0EA6F0252648AA5FDF0C9249417C12FA2F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171796Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.622{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Device Stage\Device\{113527a4-45d4-4b6f-b567-97838f1b04b0}\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.622 23542300x8000000000000000171795Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.607{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Default\Links\Downloads.lnkMD5=859920D477EE7ED0174243DFF586E5E3,SHA256=1F8B2760E210762D02665D55224973A3EE73E43B7E0F5398AF35E86861B7CB50,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171794Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.591{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b451dd7b75f0dbd1\document\orchestration\464bf7bf-2e94-487c-9df2-743c14bad123\RunSysprep\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.591 23542300x8000000000000000171793Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.591{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b451dd7b75f0dbd1\document\orchestration\464bf7bf-2e94-487c-9df2-743c14bad123\RunSysprep\_script.ps1MD5=BF6D6DD0428D039623D9EBA576153F72,SHA256=609A6D83F778607E16BB37A4D13F82B04945C2F3523BCC49491697FC3A36A7BA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171792Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.575{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Public\Desktop\Firefox.lnkMD5=9F5D2C3990F4AAB608ED48DB9315391E,SHA256=545377C2762688C32E70D560793BC55F9D1F6DAF9B279CED6590FB2364A21F61,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171791Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.575{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\Logs\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.575 11241100x8000000000000000171790Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDefaultUserModified2021-06-21 14:31:28.575{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Default\Links\Downloads.lnk.reddot2021-06-21 14:31:28.575 10341000x8000000000000000171789Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.560{D8DCB3A2-A28F-60D0-4C10-00000000D001}53882120C:\Windows\System32\cscript.exe{D8DCB3A2-4545-60D0-3D00-00000000D001}3448C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 11241100x8000000000000000171788Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDefaultUserModified2021-06-21 14:31:28.560{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Default\Links\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.560 10341000x8000000000000000171787Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.560{D8DCB3A2-A28F-60D0-4C10-00000000D001}53882120C:\Windows\System32\cscript.exe{D8DCB3A2-4544-60D0-2A00-00000000D001}2884C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 23542300x8000000000000000171786Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.560{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Default\Links\Desktop.lnkMD5=D5CF13D810C697DFC19F42E6D44FE391,SHA256=CDE1DBC52A9ED24304BE4A6EB10EBDD3C80F7016F136519CA3504F04539988E9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171785Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.544{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\LICENSE.txtMD5=B4ECFC2FF4822CE40435ADA0A02D4EC5,SHA256=A42AC97C0186E34BDC5F5A7D87D00A424754592F0EC80B522A872D630C1E870A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171784Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.544{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b451dd7b75f0dbd1\document\orchestration\464bf7bf-2e94-487c-9df2-743c14bad123\awsrunPowerShellScript\RunSysprep\stdoutConsoleMD5=996200DC7D2C72C6B9C3E5223AFEC966,SHA256=3CE55C6E4EBA6AE78EE0A740C1169D7E2B1F206D057DD387EDC40BEB08590B20,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171783Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.544{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Administrator\Searches\Indexed Locations.search-msMD5=B6ACBEB59959AA5412A7565423EA7BAB,SHA256=99653A38C445AE1D4C373EE672339FD47FD098E0D0ADA5F0BE70E3B2BF711D38,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171782Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDefaultUserModified2021-06-21 14:31:28.528{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Default\Links\Desktop.lnk.reddot2021-06-21 14:31:28.528 11241100x8000000000000000171781Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDefaultUserModified2021-06-21 14:31:28.528{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Default\Favorites\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.528 23542300x8000000000000000171780Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.528{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Default\Favorites\Bing.urlMD5=5D42DDDDA9951546C9D43F0062C94D39,SHA256=E0C0A5A360482B5C5DED8FAD5706C4C66F215F527851AD87B31380EF6060696E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171779Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.497{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\AppV\Setup\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.497 23542300x8000000000000000171778Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.497{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\Download\ae66d3b327d555cf4be105b1211512bcf4397618.etagMD5=A8C5258C50DBE9D5FC36A5E0FE59F35B,SHA256=1385A6EEC8827C5EB9192A8964663D41B93B588D0D3461141CE4F6655430A2B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171777Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.482{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\CREDITS.txtMD5=BC85F4A97C8028049950FB665E6E8F38,SHA256=155AF0552467A242A9FA43FD34B4ED707E7DF729AD0759369E83C4C4CC940E96,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171776Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDefaultUserModified2021-06-21 14:31:28.466{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Default\Favorites\Bing.url.reddot2021-06-21 14:31:28.466 23542300x8000000000000000171775Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.466{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Default\Desktop\EC2 Microsoft Windows Guide.websiteMD5=6AC107E9FBC6495E52A292C173D94597,SHA256=5BCEB76F1900054920F86A5DBCB228FFA418252C59514F54881139D5EBB7E4BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171774Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.435{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Administrator\Links\Downloads.lnkMD5=A635FD0E3721418766B2D567F8E1311E,SHA256=534E954404BC7A8E6E44FBD74FB3F355DA6F2C0D094DA8359A9D69FF16E74022,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171773Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.419{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b451dd7b75f0dbd1\document\orchestration\464bf7bf-2e94-487c-9df2-743c14bad123\awsrunPowerShellScript\RunSysprep\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.419 23542300x8000000000000000171772Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.419{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\InstanceData\i-0b451dd7b75f0dbd1\document\orchestration\464bf7bf-2e94-487c-9df2-743c14bad123\awsrunPowerShellScript\RunSysprep\stdoutMD5=996200DC7D2C72C6B9C3E5223AFEC966,SHA256=3CE55C6E4EBA6AE78EE0A740C1169D7E2B1F206D057DD387EDC40BEB08590B20,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171771Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.419{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Administrator\Searches\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.419 23542300x8000000000000000171770Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.419{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Administrator\Searches\Everywhere.search-msMD5=0FA26B6C98419B5E7C00EFFFB5835612,SHA256=4094D158E3B0581BA433A46D0DCE62F99D8C0FD1B50BB4D0517DDC0A4A1FDE24,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171769Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDefaultUserModified2021-06-21 14:31:28.403{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Default\Desktop\EC2 Microsoft Windows Guide.website.reddot2021-06-21 14:31:28.403 23542300x8000000000000000171768Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.403{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Default\Desktop\EC2 Feedback.websiteMD5=BDB4E0C31C009138AA84C54F4A4D676B,SHA256=A27939E9DCAE819D98EE073700194771D53C1F53EE7BDE3425FCD4F25859CC54,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171767Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.403{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\Download\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.403 23542300x8000000000000000171766Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.403{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Amazon\SSM\Download\84a948e241c18afc0a2f5640c5cadcfc0bb222eb.etagMD5=D235D2B6CC17E9724D005F979B3FC2FE,SHA256=2A23227D882203C1E42AD860FCE504427527463E86F9D3233FBF5FA51B62A59B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171765Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.403{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Administrator\Links\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.403 23542300x8000000000000000171764Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.388{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Administrator\Links\Desktop.lnkMD5=93C862E12DC8B69A12614AAD918B5972,SHA256=3EBC7ABCA4CB78B41F9C2F2A25C9A2DE51F598D33C67654D336F3BDFBF8EE160,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171763Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.372{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Administrator\Favorites\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.372 23542300x8000000000000000171762Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.372{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Administrator\Favorites\Bing.urlMD5=5D42DDDDA9951546C9D43F0062C94D39,SHA256=E0C0A5A360482B5C5DED8FAD5706C4C66F215F527851AD87B31380EF6060696E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171761Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.372{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Administrator\Desktop\EC2 Microsoft Windows Guide.websiteMD5=6AC107E9FBC6495E52A292C173D94597,SHA256=5BCEB76F1900054920F86A5DBCB228FFA418252C59514F54881139D5EBB7E4BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171760Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.372{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Temp\test.ps1MD5=F47A134635F7AB2DCEA8B0E914E44C66,SHA256=1B95F16103B97EF01EC0BEC2BE2401E33D86D362728203903293E4837EC50CC7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171759Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.372{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.372 23542300x8000000000000000171758Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.372{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\choco.exe.manifestMD5=468AE8D458588BBD289798BA10E7AADF,SHA256=3CE3072400490AF1B2FDD0CB219984CDBD97982A608499173B07319DD741736D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171757Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.357{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Temp\test.7zMD5=7E5DE4B18180AD0CEA53E8C5865E8D9E,SHA256=7D85F91C02D0B9C600456FC1EBE7EB3E8BEC9501FE1C32B9DFBB2333FF3A7324,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171756Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.341{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Temp\test.batMD5=E9A5ADEF5E969393DC620AEBE6E0410A,SHA256=0999859E0E22484ACE24768ACDF5F7E99F3FCDE9BFCEFB2E9063958609E22906,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171755Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.341{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Temp\dasdasd.js.zipMD5=A8906FE2BB76DEEC63F28ECDA54DC468,SHA256=CF3073C11E617FCCCBE2DD3D536E4610D5E48F402BC288A94F62689D3E8BDB15,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171754Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localDefaultUserModified2021-06-21 14:31:28.341{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Default\Desktop\EC2 Feedback.website.reddot2021-06-21 14:31:28.341 23542300x8000000000000000171753Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.325{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Temp\susp.7zMD5=61F0EF19C37B5B16177A810A459E4435,SHA256=CA2E5195E03B0EAEA90B03F4C9B8637C7C6C18CD5FC1D6A54E2D4EED00616025,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171752Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.325{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Users\Administrator\Desktop\EC2 Feedback.websiteMD5=BDB4E0C31C009138AA84C54F4A4D676B,SHA256=A27939E9DCAE819D98EE073700194771D53C1F53EE7BDE3425FCD4F25859CC54,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171751Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.325{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Recovery\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.325 23542300x8000000000000000171750Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.325{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Recovery\ReAgentOld.xmlMD5=5674A13F3189A754BDAA8B65694CAC71,SHA256=9F6B64F2DADC284F74B84A8F8D9AC2DD0BB164682455A0369AC81464B4E27CF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171749Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.325{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Temp\sh.7zMD5=40AF9CA47D30583E82649C4136F687A5,SHA256=F9492A420CFD34A8270B19DB984713D00E3D478EB5E299F21F3B793E6D1FE563,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171748Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.325{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Temp\susp.batMD5=E8B3DD1964FB196AEE80F54B58568A61,SHA256=3FA21518D7738A91DA03D85445A8371C36D2818FE5B7B4557382319490165DF4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171747Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.310{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Temp\terraform_129537785.cmdMD5=F3B25701FE362EC84616A93A45CE9998,SHA256=B3D510EF04275CA8E698E5B3CBB0ECE3949EF9252F0CDC839E9EE347409A2209,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171746Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.310{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Temp\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.310 23542300x8000000000000000171745Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.310{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\Temp\sh.batMD5=8278C259A46871722E51386F733CE9CB,SHA256=ABD5139939EC7573C059C9A03A11DF2E6EBB5F8D5002DEF25775A42356810F8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171744Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.247{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ConfigureRemotingForAnsible.ps1MD5=08886212028BD3AA05CFE06DE6E06FD5,SHA256=55EC2FB3093D82E90D51DC86FC2769839D4E77C43075EC6FB4AFDE9C695FF605,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171743Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.247{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\caldera_manx_agent.ps1MD5=6AD07097CEA7A6CB6979C3AC69D8D72D,SHA256=1486E9F02BC766DFA0D120B156487E3C59B9AD85CA3157D833C62E4B83EC710C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171742Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.247{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.247 23542300x8000000000000000171741Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.247{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\caldera_agent.ps1MD5=9294487DA7B23C6DC47040B8AE6D4CEC,SHA256=3008ACD5FBB98120EAB50E5E7D008E2F28A5E1A63395B858287C550C95841BCB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171740Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.216{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Administrator\AppData\Roaming\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.216 23542300x8000000000000000171739Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.200{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DD51C24BF382826E6A9AB99FD96CC28,SHA256=9101F8A51EB2601FD8F7D05EF3C4B828B4B18F3FC6E6566E6DBD8CFD0D501637,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171738Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.122{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2C0-60D0-A010-00000000D001}6224C:\Windows\System32\net.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171737Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.122{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-A2C0-60D0-A010-00000000D001}6224C:\Windows\System32\net.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171736Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45E8-60D0-9200-00000000D001}3852C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+fc741|C:\Windows\system32\wbem\cimwin32.dll+fbc06|C:\Windows\system32\wbem\cimwin32.dll+45c9e|C:\Windows\system32\wbem\cimwin32.dll+45608|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7 10341000x8000000000000000171735Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1300-00000000D001}912C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+fc741|C:\Windows\system32\wbem\cimwin32.dll+fbc06|C:\Windows\system32\wbem\cimwin32.dll+45c9e|C:\Windows\system32\wbem\cimwin32.dll+45608|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7 10341000x8000000000000000171734Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+fc741|C:\Windows\system32\wbem\cimwin32.dll+fbc06|C:\Windows\system32\wbem\cimwin32.dll+45c9e|C:\Windows\system32\wbem\cimwin32.dll+45608|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7 10341000x8000000000000000171733Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4533-60D0-0D00-00000000D001}896C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+fc741|C:\Windows\system32\wbem\cimwin32.dll+fbc06|C:\Windows\system32\wbem\cimwin32.dll+45c9e|C:\Windows\system32\wbem\cimwin32.dll+45608|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7 10341000x8000000000000000171732Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1000-00000000D001}412C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+fc741|C:\Windows\system32\wbem\cimwin32.dll+fbc06|C:\Windows\system32\wbem\cimwin32.dll+45c9e|C:\Windows\system32\wbem\cimwin32.dll+45608|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7 10341000x8000000000000000171731Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4532-60D0-0900-00000000D001}564C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+fc741|C:\Windows\system32\wbem\cimwin32.dll+fbc06|C:\Windows\system32\wbem\cimwin32.dll+45c9e|C:\Windows\system32\wbem\cimwin32.dll+45608|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7 10341000x8000000000000000171730Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A2C0-60D0-A310-00000000D001}5888C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171729Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A2C0-60D0-A210-00000000D001}6240C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171728Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A2C0-60D0-A110-00000000D001}6232C:\Windows\System32\net.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171727Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A2C0-60D0-A010-00000000D001}6224C:\Windows\System32\net.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171726Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A29D-60D0-8C10-00000000D001}3480C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171725Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A29D-60D0-8B10-00000000D001}2388C:\Windows\servicing\TrustedInstaller.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171724Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A296-60D0-7510-00000000D001}5076C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171723Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A292-60D0-7410-00000000D001}5452C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171722Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A292-60D0-7310-00000000D001}5552C:\Windows\system32\vssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171721Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A28F-60D0-4D10-00000000D001}5848C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171720Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171719Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171718Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A1FF-60D0-1D10-00000000D001}4644C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171717Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A1FF-60D0-1C10-00000000D001}4900C:\Temp\testsysmon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171716Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A125-60D0-0310-00000000D001}3092C:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171715Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171714Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A118-60D0-D00F-00000000D001}1292C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171713Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171712Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A10E-60D0-A90F-00000000D001}2304C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171711Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A10E-60D0-A80F-00000000D001}5012C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171710Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A031-60D0-8A0F-00000000D001}3428C:\Windows\system32\wbem\unsecapp.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171709Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171708Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A015-60D0-7E0F-00000000D001}5972C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171707Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-A015-60D0-7D0F-00000000D001}5588C:\Windows\system32\cmd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171706Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-9FB6-60D0-6E0F-00000000D001}6008C:\Program Files\Notepad++\notepad++.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171705Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171704Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171703Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171702Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EA-60D0-9900-00000000D001}4400C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171701Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45EA-60D0-9600-00000000D001}4280C:\Windows\System32\rdpclip.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171700Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45E8-60D0-9200-00000000D001}3852C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171699Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45E8-60D0-9000-00000000D001}2432C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171698Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-45BE-60D0-8400-00000000D001}1272C:\Windows\System32\msdtc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171697Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4545-60D0-4100-00000000D001}3512C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171696Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4545-60D0-3D00-00000000D001}3448C:\Program Files\Amazon\SSM\ssm-agent-worker.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171695Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4545-60D0-3C00-00000000D001}3400C:\Windows\System32\vds.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171694Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-3000-00000000D001}1232C:\Windows\system32\dfssvc.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171693Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2F00-00000000D001}1152C:\Windows\System32\ismserv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171692Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171691Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2A00-00000000D001}2884C:\Program Files\Amazon\SSM\amazon-ssm-agent.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171690Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\system32\DFSRs.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171689Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2700-00000000D001}2860C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171688Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4544-60D0-2500-00000000D001}2776C:\Windows\System32\spoolsv.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171687Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-453D-60D0-2300-00000000D001}2612C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171686Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4538-60D0-2100-00000000D001}2496C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171685Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4537-60D0-2000-00000000D001}2488C:\Users\Public\splunkd.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171684Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1F00-00000000D001}2112C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171683Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1700-00000000D001}1392C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171682Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171681Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171680Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1400-00000000D001}1092C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171679Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1300-00000000D001}912C:\Windows\system32\dwm.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171678Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1200-00000000D001}756C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171677Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1100-00000000D001}404C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171676Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-1000-00000000D001}412C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171675Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-0F00-00000000D001}324C:\Windows\System32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171674Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4534-60D0-0E00-00000000D001}996C:\Windows\system32\LogonUI.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171673Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4533-60D0-0D00-00000000D001}896C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171672Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4533-60D0-0C00-00000000D001}828C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171671Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171670Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.107{D8DCB3A2-A281-60D0-3110-00000000D001}33965680C:\Windows\system32\wbem\wmiprvse.exe{D8DCB3A2-4532-60D0-0900-00000000D001}564C:\Windows\system32\winlogon.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\cimwin32.dll+f9227|C:\Windows\system32\wbem\cimwin32.dll+f89b7|C:\Windows\system32\wbem\cimwin32.dll+455c1|C:\Windows\SYSTEM32\framedynos.dll+57d2|C:\Windows\SYSTEM32\framedynos.dll+b171|C:\Windows\system32\wbem\wmiprvse.exe+b13c|C:\Windows\system32\wbem\wmiprvse.exe+ad6b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\combase.dll+2800|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000171669Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.091{D8DCB3A2-4534-60D0-1600-00000000D001}13043416C:\Windows\system32\svchost.exe{D8DCB3A2-A2C0-60D0-A310-00000000D001}5888C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171668Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.091{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2C0-60D0-A310-00000000D001}5888C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171667Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.091{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A2C0-60D0-A210-00000000D001}6240C:\Windows\system32\conhost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171666Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.091{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2C0-60D0-A210-00000000D001}6240C:\Windows\system32\conhost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171665Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.091{D8DCB3A2-A2C0-60D0-A310-00000000D001}58886272C:\Windows\system32\conhost.exe{D8DCB3A2-A2C0-60D0-A110-00000000D001}6232C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171664Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.091{D8DCB3A2-A2C0-60D0-A210-00000000D001}62404260C:\Windows\system32\conhost.exe{D8DCB3A2-A2C0-60D0-A010-00000000D001}6224C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171663Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.091{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A281-60D0-3110-00000000D001}3396C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171662Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.091{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A281-60D0-3110-00000000D001}3396C:\Windows\system32\wbem\wmiprvse.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171661Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.091{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A2C0-60D0-A310-00000000D001}5888C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171660Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.076{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A2C0-60D0-A210-00000000D001}6240C:\Windows\system32\conhost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171659Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.076{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171658Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.076{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171657Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.076{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171656Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.076{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171655Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.076{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042088C:\Windows\system32\csrss.exe{D8DCB3A2-A2C0-60D0-A110-00000000D001}6232C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171654Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.076{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A2C0-60D0-A110-00000000D001}6232C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000171653Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.087{D8DCB3A2-A2C0-60D0-A110-00000000D001}6232C:\Windows\System32\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exe"C:\Windows\System32\net.exe" use "\\WIN-DC-385\SYSVOL"C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=C6B6DAA95CEA707F8D986D933E4A9596,SHA256=FDDC5F29F779A6EF73D70A2C551397FDEE63F549F2BCE4FE6A7AEEDC11F4F72E,IMPHASH=C41B15F592DE4589047CE5119CE87468{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000171652Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.076{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171651Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.076{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171650Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.076{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171649Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.076{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171648Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.076{D8DCB3A2-45E8-60D0-8F00-00000000D001}30045748C:\Windows\system32\csrss.exe{D8DCB3A2-A2C0-60D0-A010-00000000D001}6224C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171647Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.076{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A2C0-60D0-A010-00000000D001}6224C:\Windows\System32\net.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|UNKNOWN(00007FFDBEE4069B) 154100x8000000000000000171646Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.081{D8DCB3A2-A2C0-60D0-A010-00000000D001}6224C:\Windows\System32\net.exe10.0.14393.2430 (rs1_release_inmarket_aim.180806-1810)Net CommandMicrosoft® Windows® Operating SystemMicrosoft Corporationnet.exe"C:\Windows\System32\net.exe" use "\\WIN-DC-385\NETLOGON"C:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=C6B6DAA95CEA707F8D986D933E4A9596,SHA256=FDDC5F29F779A6EF73D70A2C551397FDEE63F549F2BCE4FE6A7AEEDC11F4F72E,IMPHASH=C41B15F592DE4589047CE5119CE87468{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 10341000x8000000000000000171645Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.060{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171644Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.060{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171643Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.060{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f86b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171642Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.060{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+f71b|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000172035Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.982{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-EffectiveProxy.ps1MD5=3895F062D2D91D9D32D1FC57A619066C,SHA256=83A4A58547F802155A275D258E0D958D568F2A0FB4829F967A9EFCB56F3555A9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172034Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.982{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyDesktopLink.ps1MD5=944B0E52C00B862116F478D7DE9674C2,SHA256=DB99889BF3698C89CCDEED341A443D9DEC1CDB3828BBA9F908F0756CA1BEF4F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172033Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.966{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.037.etlMD5=6D8078D1D46C2BE62E2B153BB436A698,SHA256=518CF3D4CDEAC0C95143816DF584654D6FEC77759232BE4D2174CBFCE6C3F9F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172032Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.966{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.034.etlMD5=D76307F8F8529A1170AEB5B5F04F7403,SHA256=9B4391E4885BD5E521F07225AA4A09555532EA1A0B5F5D0B518C08D26FF72A15,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172031Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.966{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.035.etlMD5=738277E3C9BD456A5CF77AA62FBF116D,SHA256=322A18DD4A9D34D211C6379F8DF4F297124B7DF5F655B19706DECE37F7D39DA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172030Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.950{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.023.etlMD5=3245C932F4632D152CED578450BB29DC,SHA256=ECACB8F306D0A6897ED67F0344C7D28B29D5EE6C92FBFD09915DCD35C07517BF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172029Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.950{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-AvailableDriveLetter.ps1MD5=2F386746AFC2ACB9561DFB245239B93F,SHA256=4BAEDDD946417D9AA51FF7D50791289FF102CCDF4EFE086C2653E15C711D6505,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172028Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.950{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Install-BinFile.ps1MD5=818606D6DCB34E3435D081A779CD1C0D,SHA256=D37CE9EEDF14E34432054A3B9BC14D51C00348BF20C2B5F78FBD37CFFD5BAE80,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172027Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.935{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.030.etlMD5=D3DB4E330E9D4501107B1DF1E8AAC3A1,SHA256=088FBB156ED4F93A7C0D968A52C228A18FE4E1F229879B6C4BF38FE696F379EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172026Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.919{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.032.etlMD5=60C75E670D1D9FA893C45784AA22AF53,SHA256=84094FB1D09A307C097A682AC2C9A0487B9EA0DCEF005F8230E1DAAA41E73DE1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172025Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.919{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.033.etlMD5=1E65E5552BE711E1263D5F6712F6FCA9,SHA256=AFBFC7D653631FCA5098133582A09B966B4040358BC69F6FAF9D2B507D657EA0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172024Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.919{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=325BF42E61CE9D32B0B34FD395F9CB7F,SHA256=325FAC999C5B8A5C10747FDE51F0ACCDDED7718F3D7A38448128A0528D2C19E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172023Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.919{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-AppInstallLocation.ps1MD5=D036C97BC50A3731BF69A15417F60E72,SHA256=0FFB210BD76AB0214F5AC2361108A6303CED5DEBBF04B62D3C99042F799718BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172022Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.919{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.022.etlMD5=7C0547EFC11236FC958DCD61386915AA,SHA256=C0AC6439A2DAA1691DEE6D55E491C5E091143324259CA3F71B102D21EB60CAE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172021Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.903{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Get-WebHeaders.ps1MD5=982E06170BE7879B316D73643A38E311,SHA256=EA1758ACE22AD84B90B908DA5D41D2E95B7A82DB959A3F452D7FB8FED82C0283,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172020Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.903{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.029.etlMD5=2664CFC084A927BA773C777F72E411BA,SHA256=30B6FDCA2A70C802EF5C69CECDEABC42D4FADBD3AE27B44D8ED5F568A8006B42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172019Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.903{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.031.etlMD5=25475B72523517C4C39E7DD98308065F,SHA256=9C5251AD51598895BEB9EE58AF9146CD970156D1823DF03D9FA7B46B9E209FEC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172018Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.888{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.028.etlMD5=1F238D41904D4D814B990595EF425405,SHA256=8430B1F3245B7D4794FEEDEC015351BC30A81C31B651101095EB195558C9A84B,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000172017Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.888{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.888 23542300x8000000000000000172016Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.888{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.021.etlMD5=DD84E4892A3718011832CC43731C6E73,SHA256=EA40346FEEC92985CDB6C186E99E596FA3CCFE36E6B9CE653898D1C69CF28427,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172015Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.888{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\chocolatey-core.psm1MD5=8007E67FDE249548DBF78D1DC8AFDCCC,SHA256=376E6EDA567DDDD6AA70CFC9EC5380CE0EB1383BE83C2FBDC87F6FC79252E4E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172014Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.872{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.018.etlMD5=75A646020A1407B8E629313D88EA3AEE,SHA256=2920C9240F26B801F106AC21691ADC97EC0DF6A85A8E4A37E9F11F348FC5410B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172013Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.857{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Get-WebFileName.ps1MD5=951F2BA6BE462D537AC82E1F004F021C,SHA256=4D48AD74CB76AC0851719D38FA75C83BE9E80FF2F957031442C3735E9C07B984,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172012Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.857{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.016.etlMD5=0F43C5EB730A82BAF729E4A3DC148B86,SHA256=176EA1F00CF65008E92C330DC2D3172E760264D9913C818BBEFE974B78F6660D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172011Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.841{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\chocolatey-core.extension.nuspecMD5=D71F7B1D873058AA1A6CE4EA7CD21AE8,SHA256=55271C46E4471E534F5B9A2B5FE3A202D76540DC218EBEE2A8AFC953F55E2587,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172010Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.841{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.019.etlMD5=B3A1C326A52B2D25BCB6EB2CEE5E6E6F,SHA256=32FB0715C0B6A9EC0D67AAA9636C5CC29EB8DECD59A59962AB704E844D558DE8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172009Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.841{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.020.etlMD5=CEB69CF68D2ADA6250A6CFD1A1EFDB4A,SHA256=39E4F8BF478331B6A7592995DD269DAA9A734ED76260F16ACB19C48A592A8BBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172008Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.825{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Get-WebFile.ps1MD5=5DE64EF25FF048902DAD3D82C60E853C,SHA256=EA55F225AED20C6B37907FADFADE038970E6324E5D2636CCFFBD2C82F1CA444A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172007Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.810{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.017.etlMD5=8F7741BC325F51472213BFDDDB9435C0,SHA256=050DC5C3BFCCC51731A4F736E5592C1E5CD6ED149F724AE6FDCC50454C83D2F2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172006Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.810{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.008.etlMD5=6DD512D5AB8CFEDC49E50373895A50FA,SHA256=B8176D05DC70710F0BDC9FCF22D38B192DD715D1E254A721CFC97D1E94ABB88A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172005Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.794{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F0D0D2B8302A9A8B3C4972C23A52370,SHA256=C8E60372AA632A732A094F5F5E32A88F8F44062FA0F85768E0098998FB7C5448,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172004Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.778{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.015.etlMD5=4500B0D4A254C7C4FD7FCDF8D754862B,SHA256=70AC6EFC3C777C8773F055EC60C8AD5C59B18B31A8B80E9D922963E305B53F72,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172003Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.778{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Get-VirusCheckValid.ps1MD5=CC01EB372C9B471DBB608A4E728A62EE,SHA256=E48AF1A7B8956E87C4BCCD991AA2847A7E0D018D81FD0A8DA17604C6828EE598,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000172002Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.778{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.778 23542300x8000000000000000172001Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.778{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.014.etlMD5=53F1D908D1CFA958B55B17006CD846BF,SHA256=4D93792EF20BCFBA749811D88BECC9E0A7CB27EB4DC7E0573D30302ECE198E86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172000Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.778{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\chocolatey-core.extension.nupkgMD5=7F066B11D65D07704BDB0A9D8FB4437F,SHA256=5ECEF3B776508CEBC4B52E9AC7F04D213C2045A6765F12E17545A5FBE2F41928,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171999Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.763{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.007.etlMD5=726498AF438DB4FA8D9222F604970282,SHA256=31A1D788C5CF788EA879E988EC835B91EEA5A616D1842AFBA43C1E6A273009CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171998Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.763{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.013.etlMD5=714F41F7B06D2A4EEE9BCDAA10830E64,SHA256=C1CEF4B25B67251F1C280C620167758161EFD8C5DAC9D91E7D6E10D14F2410ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171997Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.763{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.012.etlMD5=46EB05D92515D7847D9B62817D1C5AEE,SHA256=EA31A12DA5BF41B1471F3C9AE8FBA5566CFBA96C21E2CAA60F24F28138BD5F1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171996Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.747{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Get-UninstallRegistryKey.ps1MD5=7E2788D060AD2188F49894706E66A995,SHA256=0A18F8D70F6DB634F56C420CB86526C714AD1E183D5A21842CA7CE04C00F0B1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171995Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.747{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\7zip.install\tools\chocolateyUninstall.ps1MD5=9575DFA835A44C14B24732DC994B5C96,SHA256=F107CE0197A19388DBD6EBEF2D9C2AFD7E7D1588AB49D2C1818748B5DAD85D66,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171994Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.732{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.006.etlMD5=E8479984F64746E8CD216A5CAEE5A355,SHA256=B36ADDC858DCF9E4D0E38226BEEB28B15A827EBFE75EB05CC806AB16E547ACD7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171993Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.732{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.011.etlMD5=ADC4502490CCF9E6789221FF743BD5A7,SHA256=6054C31CB469AB3F5419AFDB3BF66C8D3DBE1E8FC3727AD4A72C1410D8B66624,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171992Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.732{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.010.etlMD5=BCA0BA4681067EA8D62DB4CB20C4717D,SHA256=6D7C10FF76D57C722580BFC0E44C9494D785ED54E6DE50AB9EBC8C7FC44FFF7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171991Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.732{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Get-UACEnabled.ps1MD5=E33992973222BEE95B89BA4D7B060129,SHA256=691B4F93B201CC6477ECA1A662DF9A7BC93819C1CFC5E762A830751C799E32BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171990Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.716{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\7zip.install\tools\chocolateyInstall.ps1MD5=0BCA1D66A247FCE19914D0F2C63E6581,SHA256=501E1B572021BADBB227C2423569452A28DEEE46DE615ECE1FB2B0C9F0EED477,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171989Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.716{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\7zip.install\legal\VERIFICATION.txtMD5=ADCFFBF81623DAB3DBD2C6F6D6216D31,SHA256=C37176A6F935FEDA0925D991D578032E857D2B545AE18ADC697269130D19F0C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171988Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.700{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.005.etlMD5=A3549B9CF520891414093BA6EB4918FE,SHA256=04FA97197B74DF222EC2F65D1B5C18E5B992AA9744CEA216DB923568F884DB9B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171987Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.700{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.004.etlMD5=28066E67E92FC0E553DA0EE26F2994A7,SHA256=A2D4B5040BB9009C9F36137C346010ED71CAEB6B91DE39520258FC71CA49AC2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171986Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.700{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.009.etlMD5=55A0C6175E4841E047DF6248A4963656,SHA256=D08F7EA51690A39EB1B450A765F17B4CB091AD408C078C30DD0B4B7B490EAF86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171985Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.700{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Get-ToolsLocation.ps1MD5=110AD02A9BEEBF5F3C7FFB9F16595E5C,SHA256=7A1CEA136F9BBCD6CD3C7801356163020CFD18553D74E67DC378EEB6F3150C0E,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171984Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.685{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\7zip.install\tools\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.685 23542300x8000000000000000171983Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.685{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\7zip.install\tools\7zip_x64.exe.ignoreMD5=BEA07E6D2B8DCE396FE21BAA61B34956,SHA256=2E08D1F6000AEF541797D008C05AC36F4DBEBFB36CBAC5615788E6FCC5B300A7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171982Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.685{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\7zip.install\legal\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.685 23542300x8000000000000000171981Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.685{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\7zip.install\legal\LICENSE.txtMD5=650BD91878930A925935C6103A4422CC,SHA256=35F3C3FB382B3973437975D17BCFF206A53C0F76C04E4E5B94B49E5A38DED6F8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171980Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.669{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\tools\shimgen.license.txtMD5=58FA6B4B88C177B273F25D9324FDF301,SHA256=A2BB559CDA0826A8DB2B893D3B5D7DE6CF13D91210FB920E33B682851D44C037,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171979Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.669{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.003.etlMD5=A68C402E7D5C1D6097AEAAF445194887,SHA256=FC5443DBEFEE812FB74BC8150E5F357D32D0E940F2E47EFE6350102DE1291B0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171978Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.669{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\Policy.vpolMD5=3ED4581B45C0C4646ECFC81BC311FFFD,SHA256=243FE00DA79C52657698B3C736AC85504BBC816D2F98E276C78C6F19F1691E05,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171977Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.669{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Get-PackageParameters.ps1MD5=F8AAAC099CD9BAEF938A97F9B1234B3A,SHA256=8E0A75858942AC9388E6359BDF9A2430E6922BA9AFC6F764F12521D399592D02,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171976Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.653{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\3CCD5499-87A8-4B10-A215-608888DD3B55.vschMD5=0C19329F1A0959D6E069DD77DC32E7FC,SHA256=CA469F2580E20B3D1077355A1E0E673BE724AC15AB15E859B7BC3BCF60854120,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171975Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.653{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\7zip.install\7zip.install.nuspecMD5=6B20F0946351971DF2D0D2E9BD021438,SHA256=8FF47232BEF08FD5BB55B9CDF6C249B68644F7B2C2EF1CFB7B987D0902F8AEDB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171974Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.638{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Package Cache\{EECDD137-13DA-46ED-ADA0-BDF7F8BE65B8}v14.28.29913\packages\vcRuntimeMinimum_amd64\vc_runtimeMinimum_x64.msiMD5=923A85899767D628189CF6331B87CC6B,SHA256=60B90BC6E8C68FCB384BF5A06F822A1CF5201AEBB344C041A079799F9FD0B3B6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171973Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.638{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.002.etlMD5=F000AA551AF5B10B390D64BE42E55F5F,SHA256=E6EC99E2CDFDBB38911A6E2F8A4F52D3CC23FA514CAF1432C87002A24B91F62A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171972Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.638{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\tools\checksum.license.txtMD5=A10B78183254DA1214DD51A5ACE74BC0,SHA256=29472B6BE2F4E7134F09CC2FADF088CB87089853B383CA4AF29C19CC8DFC1A62,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171971Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.638{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Get-OSArchitectureWidth.ps1MD5=62EB2DA108CB4FCA477A00736AE64F2E,SHA256=1321753E1CE6C5CA4921A3DA5CE77F2379410C2AA23D336B7D51CDADBB906528,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171970Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.622{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\7zip.install\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.622 23542300x8000000000000000171969Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.622{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\7zip.install\7zip.install.nupkgMD5=C9C2399FBD769A6964ADE0C9D3509898,SHA256=D0A2B7AE996D1CDB2E969CCBEE7DFFECD6EB29E86CDC585FD2C3ED38824F1DAE,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171968Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.622{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\UEV\Templates\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.622 23542300x8000000000000000171967Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.607{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\2F1A6504-0641-44CF-8BB5-3612D865F2E5.vschMD5=37A1115747E63E1C0EAD2C66301F22D3,SHA256=9496889B2CBDA0BCB85B8EF91DC323107702C214EE37A7C1057B8FC9C8874589,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171966Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.607{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\tools\checksum.exe.configMD5=E9AD5DD7B32C44F8A241DE0E883D7733,SHA256=9B250C32CBEC90D2A61CB90055AC825D7A5F9A5923209CFD0625FCA09A908D0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171965Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.607{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.001.etlMD5=990100105505DDF85C6A9A6AC8769233,SHA256=430B279604D08BE553A0659CD4F52B455D86C107458FFBD24D62084ADAD6C735,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171964Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.607{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Get-FtpFile.ps1MD5=A0963C381A6D32D94D9486591093DC8E,SHA256=7D0FBBD198D4AE29FDEBA3D81DE291A84A6417EDA8B5A0E6A4B366100EAFD240,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171963Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.591{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Package Cache\{EECDD137-13DA-46ED-ADA0-BDF7F8BE65B8}v14.28.29913\packages\vcRuntimeMinimum_amd64\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.591 23542300x8000000000000000171962Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.591{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Package Cache\{EECDD137-13DA-46ED-ADA0-BDF7F8BE65B8}v14.28.29913\packages\vcRuntimeMinimum_amd64\cab1.cabMD5=8D3E92CA1D0EC4E023C05DA670224FD4,SHA256=089083CD5349E2266473B5DB077BE787A2E901D1FFFEB3C36A4FE9EAE9C636CB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171961Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.591{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.591 23542300x8000000000000000171960Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.591{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Vault\AC658CB4-9126-49BD-B877-31EEDAB3F204\154E23D0-C644-4E6F-8CE6-5069272F999F.vschMD5=DD8778EDA0B96D5D71716FBB50300293,SHA256=61E06F4DEFF92E80D1605CB17A0C83604AC6CDB72FB3D4B1E3D0EB7E7BBBF4A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171959Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.591{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\tools\7zip.license.txtMD5=899A48828B85C4B0402EE7CF1F65B62B,SHA256=20343526E04CE61EED2675282462E7080D305246F7807386621149C2025765D9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000171958Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.160{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeATTACKRANGE\Administratortcptruefalse10.0.1.14win-dc-385.attackrange.local50809-false213.164.207.9-80http 354300x8000000000000000171957Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.092{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50808-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local445microsoft-ds 354300x8000000000000000171956Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.092{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50808-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local445microsoft-ds 23542300x8000000000000000171955Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.575{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\NotificationUxBroker.008.etlMD5=357B588157626A013E2FA55067B9835D,SHA256=CF995852A24809C71B12BE42ED114CEAE774216DF558D73B138A806F2BC52F2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171954Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.575{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Get-EnvironmentVariableNames.ps1MD5=D0D66D9FA29960282739867FE0730A1C,SHA256=F288A31265333F1245E4E420A079189F3D15EC8E75A7E6D2874BF121CC2E2CC4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171953Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.560{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\User Account Pictures\user.pngMD5=CE1E5810D7C9F27A6B139B7BB5772198,SHA256=0AE29A2E9FB4CA75DA5145AC86AB6DD9F12767CADB5BC6A9AA4B1036EDC128E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171952Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.560{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\tools\7z.exe.manifestMD5=8F89387331C12B55EAA26E5188D9E2FF,SHA256=6B7368CE5E38F6E0EE03CA0A9D1A2322CC0AFC07E8DE9DCC94E156853EAE5033,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171951Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.544{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\NotificationUxBroker.007.etlMD5=59F8A0B1ECD0B8326EF50DF8A552B53D,SHA256=D55D7D1C7A700363020E56A9A7645B80569FBFF4E57AC17AD791949B1F91554E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171950Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.544{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Get-EnvironmentVariable.ps1MD5=D000A4252EEF1A723E24BF16368D43C2,SHA256=A6F8D1E04C9E3F538611BB80273444E0880267C87A0CE95CE4E65740F8DFFAC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171949Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.528{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\User Account Pictures\user.bmpMD5=DC2C42110B7D84F144C6D905A3DDA74E,SHA256=4E07A1A6FBB5F29252A7C7AD7C3C80B32B4CC8BAEB832DBE40C38BBF85D984E7,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171948Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.528{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\tools\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.528 23542300x8000000000000000171947Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.528{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\tools\7z.dll.manifestMD5=8F89387331C12B55EAA26E5188D9E2FF,SHA256=6B7368CE5E38F6E0EE03CA0A9D1A2322CC0AFC07E8DE9DCC94E156853EAE5033,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171946Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.513{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\NotificationUxBroker.006.etlMD5=89FDF57ECC1452B62AC740E04E25F67C,SHA256=F897CB104DD58FE5164428F2150ADFD8B3FA555929C33D90CA8BACCA2EB19C2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171945Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.513{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Get-ChocolateyWebFile.ps1MD5=67E153210A0C7A5C1AEBC8AE7A682ADF,SHA256=1FBD2E7F414E39BA50DE84AA1EACC9DFCA4CD1E53E83D108EC1D2AED627941EA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171944Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.466{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\redirects\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.466 23542300x8000000000000000171943Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.466{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\redirects\RefreshEnv.cmdMD5=B4326546C3A252494DCD512976F8B89A,SHA256=9B251737A6B6ACE9FDE45B64FD653B04575C6416F15112FBE1697A47B14990E6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171942Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.466{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\NotificationUxBroker.005.etlMD5=B77C0302DFDB34070926809039C6112D,SHA256=C250E33B71C48085AFA0FDDE2297939A82B8FD24C5CAE661C5F9EE09C37894D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171941Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.466{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Get-ChocolateyUnzip.ps1MD5=6EE454C62C2CE4B9A18860DC4D40390B,SHA256=C14D4C475429495F12CE576B88711CA3A3B0EAAFF6F9C573FD7FBDD3F997EA74,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171940Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.435{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\NotificationUxBroker.004.etlMD5=E7D29CC4F816D9CF8C5C06B279F52453,SHA256=1775D29839D1D7BEB80091BAA8439B73F1EBD5B7CC54ECBBB582D45A2BC35A29,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171939Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.435{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\logs\chocolatey.logMD5=6D7ECE07F309CB45BCEAE07327239356,SHA256=D777CE3AA17F2C580300C20941463E59955936D4E3B8B5F09F7D371969CAF1BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171938Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.435{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Get-CheckSumValid.ps1MD5=E2B49CF50721C44758733F2BDF6E5766,SHA256=6572A81464A4328323BE786218687F6A58B8269AD1CDE217134E0D2307E4648D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171937Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.419{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\NotificationUxBroker.003.etlMD5=83C7DC0AEE9B2043C013C4F69BC0C517,SHA256=C6C80644DF64678C07A34533ADEF2993246F44E2D79081B7E36CE49D371DC2AE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171936Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.404{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\User Account Pictures\user-48.pngMD5=45F18A848F56AB20F3394A06625B0F74,SHA256=E5CE93221BAF11322184C3FFA5AF9B3A9CDB537E1932745F333D872A0ECDA140,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171935Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.404{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.404 23542300x8000000000000000171934Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.388{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Format-FileSize.ps1MD5=B286892DAB3036F9E620889996858E87,SHA256=E79CD4E86FE94C0A86ED3F899E83387B5B3B12B950070165FFA1513157D67D69,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171933Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.357{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\logs\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.357 23542300x8000000000000000171932Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.357{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\logs\choco.summary.logMD5=5D5FBC17A24989A643CA2B72E4AB8671,SHA256=F15D962D61847AA9B42CAC090E4178E4DFEB50706C230216FA7600D1B642FF78,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171931Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.357{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A2C1-60D0-A410-00000000D001}6156C:\Windows\system32\DllHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171930Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.357{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2C1-60D0-A410-00000000D001}6156C:\Windows\system32\DllHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000171929Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.357{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\NotificationUxBroker.002.etlMD5=87B3C1A035058FE81A7ABA86E5523B05,SHA256=8EE2453A4B42A2953C6E3B647434A2EAF8C2F849581444B8924CF09CD3136220,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171928Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.357{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\User Account Pictures\user-40.pngMD5=62EB5F8AF13F0886F278614F5F43E21F,SHA256=EC3E84AD90487122BA0EBA5945DE8A2CA2B10FFC16B3A02746DEF24E926148B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171927Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.341{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\ChocolateyTabExpansion.ps1MD5=73180E9CC5D3D79D2C4B7A9703A6FC21,SHA256=B5E9186901FE4C9015C152FD88F4E109B6C61959490D6CFB409DF2B6BAE2C054,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000171926Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.341{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A2C1-60D0-A410-00000000D001}6156C:\Windows\system32\DllHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000171925Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.341{D8DCB3A2-45E8-60D0-8F00-00000000D001}30042948C:\Windows\system32\csrss.exe{D8DCB3A2-A2C1-60D0-A410-00000000D001}6156C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\SYSTEM32\CSRSRV.dll+1a30|C:\Windows\SYSTEM32\CSRSRV.dll+5c09|C:\Windows\SYSTEM32\ntdll.dll+5178f 11241100x8000000000000000171924Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.341{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Package Cache\{E9A85994-61C4-4763-B1BE-50094803E005}v3.0.1124.0\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.341 10341000x8000000000000000171923Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.341{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A2C1-60D0-A410-00000000D001}6156C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000171922Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.341{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-A2C1-60D0-A410-00000000D001}6156C:\Windows\system32\DllHost.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6f453|C:\Windows\System32\KERNEL32.DLL+1d37f|c:\windows\system32\rpcss.dll+36349|c:\windows\system32\rpcss.dll+3bb32|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000171921Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.310{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\User Account Pictures\user-32.pngMD5=8B0C9A9879D00A4ECED7948D6E47C3A3,SHA256=552C3AE1507531C972FE23B1849E9CF60668030A18E70B22BAC40654895B1D44,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171920Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.294{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\chocolateyScriptRunner.ps1MD5=AECA272D5D86530BDA42290C319F16A3,SHA256=C0BB363065138844E9B70F20849D205CA4BECC203CF49018609E14C2AF9680AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171919Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.294{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\NotificationUxBroker.001.etlMD5=BBF354B3CA317D73AAAA2F067794C097,SHA256=50111B4372F66058DDB305C7717D32346DA85ECB5C1C1E8F7510A68BAECC05C1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171918Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.278{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\User Account Pictures\user-192.pngMD5=4D11D81DC520C49DAEC13A866CA2A200,SHA256=6918F0F8F0461F866A849FC691FA5DE86DB117554FC09C6497F9DF363EB483D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171917Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.278{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Remove-Process.ps1MD5=CFDFB899BE8491454B264BF7C5EF08BA,SHA256=090B1A55DF7DD64AC0A9B1BE90E41ECD6D70C7DD6EFE56493403372F55C06C67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171916Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.247{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\NotificationUx.006.etlMD5=B345A80C77506F88C9B9DD0E0B8C7117,SHA256=55E7D5986CFE5B73FDBC65CA564C983E8C5178FF852EFD4940E72D027F12B704,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171915Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.216{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Package Cache\{BDA0686A-BD74-4579-8E5A-DBD5E73C5D13}v2.0.6\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.216 23542300x8000000000000000171914Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.216{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\chocolateyProfile.psm1MD5=45D3AEF61E9F3234839614651CC48E36,SHA256=00E5833DBF6C6DB192DC0B06BF698465066C6C4AF75BD4A5F3B5B4783C130794,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171913Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.216{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\User Account Pictures\guest.pngMD5=CE1E5810D7C9F27A6B139B7BB5772198,SHA256=0AE29A2E9FB4CA75DA5145AC86AB6DD9F12767CADB5BC6A9AA4B1036EDC128E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171912Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.216{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\7zip\7zip.nuspecMD5=539CEB31934BB7E09A6A3559A33DCD5E,SHA256=DF14D523C6D3166E858D84B2839760CB673E74969533EE3CAF7DB96FA7B32FFC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171911Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.216{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Register-Application.ps1MD5=D2853E569DAC9A341642BA76EC4FB411,SHA256=A7E432146B2195A79875B6AC1AD82EDDF40EFEC79122EE41A68C68577E5D03EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171910Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.185{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D9D128C205B3F32CA3ECEAF7B37BAADF,SHA256=D68CB1FF179A9327EB145FCAC589125CC30079322C1367360F402BCF3746DC21,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171909Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.185{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\7zip\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.185 11241100x8000000000000000171908Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.185{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.185 11241100x8000000000000000171907Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.185{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\User Account Pictures\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.185 23542300x8000000000000000171906Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.185{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\chocolateyInstaller.psm1MD5=8CDA16BFAB156B6A99566CC00FC1D7D0,SHA256=BF6F8F76315F8C29DF23E392C4D69EB7A7614F96D3C4FB56B78E33A110247C1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171905Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.185{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\NotificationUx.005.etlMD5=93342EAD7F5531E329020F5B8123A20B,SHA256=A1BE2D6E4134AB76C6889EA6555238D0A13BA6ACE83345D4CA84F361571EE949,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171904Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.185{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\User Account Pictures\guest.bmpMD5=DC2C42110B7D84F144C6D905A3DDA74E,SHA256=4E07A1A6FBB5F29252A7C7AD7C3C80B32B4CC8BAEB832DBE40C38BBF85D984E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171903Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.185{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\7zip\7zip.nupkgMD5=9BAB04BB70ACA787584D8141738DF9BB,SHA256=A7003EFEE583E30CC475420692AC50C080B7AA6F1BF920AE4595AF63EFA2CA2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171902Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.185{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-WebContent.ps1MD5=57D013E581EFEA3D4D8366183C9A5797,SHA256=8EB487D51E3879F21035828878E463438A15032B1DEB4018B3583EF60A92AFBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171901Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.185{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A61C7A598D2F0548CDF301EB78E54024,SHA256=71781DB82E7E4F2C03E679A0EC9B09B84B1AB2E5C13B46950801A44D235F3CB8,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171900Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.169{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Package Cache\{B1A3AC35-A431-4C8C-9D21-E2CA92047F76}v2.0.533.0\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.169 23542300x8000000000000000171899Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.138{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AD7343345A91D3D359F33F3F6A0F6AEB,SHA256=14620D8E8D06A989BE2BA03A758D32671CD5ABF768BC468245A9074B96C28BA5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171898Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.122{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-UninstallRegistryKey.ps1MD5=3FAA5C11AAFC4EA35BB98EA797446C97,SHA256=748E1ABD1581C5C7360CC88C7A8C3BDCE13626C2D537484CBB3C529F0F8D49DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171897Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.107{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\NotificationUx.004.etlMD5=6E5D3757903178A62CB24B1AF1EF6EAD,SHA256=AC262F04C97B6F186A4C1F34633B9B2AD503FBA9EDE525B02CF79B4948C99FB2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171896Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.107{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\notepadplusplus.install.7.9.5\.registryMD5=20BF8BC41DA333E18D6C2E035FACE968,SHA256=7756A371D22272329B5361F22B824877AAED1F142E226C0CF022FCAE9F92D955,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171895Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.107{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Package Cache\{855e31d2-9031-46e1-b06d-c9d7777deefb}\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.107 23542300x8000000000000000171894Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.107{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Package Cache\{855e31d2-9031-46e1-b06d-c9d7777deefb}\state.rsmMD5=C14C22868C5F74C13E69D393D874C713,SHA256=D59E704378DD1B9F2215A8F0A15265FE4943AB1B5BF713F7B462A7D1698EDA1C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171893Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.107{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\UEV\InboxTemplates\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.107 11241100x8000000000000000171892Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.091{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\ServerManager\Events\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.091 23542300x8000000000000000171891Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.091{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\notepadplusplus.7.9.5\.filesMD5=70606270FE61FB6CFFBBEEE525A99EE6,SHA256=A57723FE0BFF9727EA373B92688662E6B45AD15D1DE1EDC2833C5C9BDA18DA25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171890Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.091{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\MF\Pending.GRLMD5=FFFDE3DF0D91311B7FE3F9BC8642A9EC,SHA256=BDA9DF3591BF7F67D4B31D23CFFDCF927DA6F00AE1B393F07AEA69BA1C4344BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171889Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.075{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\notepadplusplus.install.7.9.5\.filesMD5=5310F231745BBC776997C32146A97C86,SHA256=3DF624B985719CE8CAA96E952528151A598CDDE2166E8A230757C24F5C96373A,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171888Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.075{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Device Stage\Task\{e35be42d-f742-4d96-a50a-1775fb1a7a42}\en-US\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.075 23542300x8000000000000000171887Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.075{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-PackageParameters.ps1MD5=C08B3AF8CA150B6609DF2B978B693269,SHA256=B5D464AB38A665FDF2E4A532C00B0470F69DDB6D68ED3121FE1091FBFDDEDCE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171886Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.075{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\NotificationUx.003.etlMD5=B09CED167E39C7301947E8986F170B55,SHA256=B464383F5062580DCCEC360EBDEF87652199D5DBFE79946144BAFA7A6F4D93FB,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171885Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.060{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\notepadplusplus.7.9.5\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.060 23542300x8000000000000000171884Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.060{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Package Cache\{620A7633-7A09-42A8-8580-076A4483C4B0}v14.28.29913\packages\vcRuntimeAdditional_amd64\vc_runtimeAdditional_x64.msiMD5=060CF1355020BCC3B31C7D21EC76E28B,SHA256=1235CE450B2F5316D83C4708955344F8E0FF41D1538CFC241B36061547909944,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171883Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.060{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\notepadplusplus.7.9.5\.argumentsMD5=B4141F10439F88CA4B2C0F3234A72684,SHA256=3CD4F19C18A19BD871A1AC67AFAC6C5A63A289A625DF3BA7A43410B0361659B1,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171882Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.060{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\MF\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.060 23542300x8000000000000000171881Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.060{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\MF\Active.GRLMD5=FFFDE3DF0D91311B7FE3F9BC8642A9EC,SHA256=BDA9DF3591BF7F67D4B31D23CFFDCF927DA6F00AE1B393F07AEA69BA1C4344BC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171880Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.044{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\notepadplusplus.install.7.9.5\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.044 23542300x8000000000000000171879Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.044{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\notepadplusplus.install.7.9.5\.argumentsMD5=0AD2D04F7CB9B94EC9B96155515FBB54,SHA256=CBFDEE79351E4000F9362EC1BA8CD2481EFE9593F46596474E562E6961ABB9CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171878Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.044{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-PackageCacheLocation.ps1MD5=77A378E5C659E5A53D2D64E276159B62,SHA256=409DAED00ECE17BACE5809F95A642455956DE49DB602873800149C2A53579F95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171877Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.044{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\NotificationUx.002.etlMD5=A97CE0D086EE82EF33A3100C49EE9332,SHA256=0E101FC00B045A54609A85C67660ED42C1A2C9BDF7B4D6F45888D8FDDA8D897E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171876Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.028{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\git.install.2.32.0\.registryMD5=AFA3DDD53D4AE9BCCE083D3851F54382,SHA256=36C36057C87FDF991822B0F56B4832CAC51B24AE161825035021F3ECF98EE64E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171875Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.013{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\git.2.32.0\.filesMD5=2BCAC498FCF3FD59847CEF38ECAE48E4,SHA256=20631C9C664DC2675F3A77446F989C8F6A19938D9B0B2DF44E1465C2BAA8EE74,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171874Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.013{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Package Cache\{620A7633-7A09-42A8-8580-076A4483C4B0}v14.28.29913\packages\vcRuntimeAdditional_amd64\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.013 23542300x8000000000000000171873Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.013{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\extensions\chocolatey-core\Get-EffectiveProxy.ps1MD5=3895F062D2D91D9D32D1FC57A619066C,SHA256=83A4A58547F802155A275D258E0D958D568F2A0FB4829F967A9EFCB56F3555A9,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171872Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.013{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:29.013 23542300x8000000000000000171871Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.013{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\NotificationUx.001.etlMD5=391A2D5851C8EEB139E2F40F74219D5E,SHA256=997709BF3A3123D68D5B9D009CA42D0712F6898FD4EE115D55AB27C2CFE8321C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000171870Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:29.013{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\.chocolatey\git.install.2.32.0\.filesMD5=74B6225875EBB71267393EF50BE3D456,SHA256=8113456B4FCCF25A733CFD3DB589581F34FAE73F4B7E54D5E66C2BD4EA070920,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000171869Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:28.997{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\Microsoft\Event Viewer\Views\ServerRoles\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:28.997 23542300x8000000000000000172179Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.982{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.091.etlMD5=4622DE5AA021AAC306B7ED047C72B3BA,SHA256=7252977AD84EFAC6B7A6063ABE759CD006D60C18117B83C41BC6A027E8976447,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172178Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.982{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Uninstall-ChocolateyEnvironmentVariable.ps1MD5=A52948BC7662A8EB32BB8641B0848D30,SHA256=E382547CD7BD914A092C93AB404B63E7F8C1B23DA85B3C0D1D7C4F12A9D22B53,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172177Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.982{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\notepadplusplus.install\tools\npp.7.9.5.Installer.x64.exe.ignoreMD5=BEA07E6D2B8DCE396FE21BAA61B34956,SHA256=2E08D1F6000AEF541797D008C05AC36F4DBEBFB36CBAC5615788E6FCC5B300A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172176Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.966{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.099.etlMD5=36A81966CC0B707059009D6AFAC8E87A,SHA256=190CCDAF44D656A83BC4A11163FEEB14EF821E30214DEC87FD3D2A3B53ABAC4C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172175Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.950{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.090.etlMD5=2239148304512C2EA77F0261895134FC,SHA256=B0E8A7AA4AFB47A1417641B963C9FD99DE4ECE4ACFB7385EEC15A6C81352F934,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172174Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.950{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Write-FileUpdateLog.ps1MD5=95C90B4D604B7609E73570D6E1E00C80,SHA256=1C101B12601E47A987D062DF6AB623BB023E5F13780CC18EEF93CBE39C548E52,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172173Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.950{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\notepadplusplus.install\tools\chocolateyUninstall.ps1MD5=53320AA62EBA74A2B64155CE4DD1D87B,SHA256=7D5B57153A30B896C2ED9FFF918CEBCF92F32C5CA198BDB6F90D08932D10C699,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172172Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.950{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Uninstall-BinFile.ps1MD5=A57C71E48B643D38CA35E4A441108DF4,SHA256=00A105FF7F99AAA951BC359DA89FEA590720993766771086C55934EA25611458,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172171Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.950{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Write-ChocolateySuccess.ps1MD5=6398F68328E8A8B4CE2392EF34358174,SHA256=4A426CFE2410CB1410E5ADD3AB105B1942998E4903F98A41787307F833A14AAD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172170Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.935{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.098.etlMD5=AAA4FD63B6229ADA06B969FE85306EC8,SHA256=ED584655799F901D9CFF98FAA8A89141B9C6A2EACA8C9C17BC9413C14BF63D8C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172169Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.935{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Write-ChocolateyFailure.ps1MD5=744A6433AE40FA40B6837715D08A5A48,SHA256=81C39FB2B5DFC729135A567E6C3BDF8A831E39AEF489B889A47264A792FC7E7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172168Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.935{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.089.etlMD5=AEAD6C6867A46E261800B7C2845523EC,SHA256=B393E4EA3D5425C5A9A735349C5350982A7B84302EDA03A94124BB2B18E6A031,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000172167Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.919{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\notepadplusplus.install\tools\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:30.919 23542300x8000000000000000172166Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.919{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Test-ProcessAdminRights.ps1MD5=87115F612A4E924991A82CA774AFDAB9,SHA256=D2BCEA92FABD3DB9A614DEF40D3067F83F9F7EDC492F3FF61D2E109435C45EF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172165Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.919{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\notepadplusplus.install\tools\chocolateyInstall.ps1MD5=8AC0671CF3223E46ACE940D7314EDBC5,SHA256=866C981F44B729F7E9B6010046A675CC20FF55160E6C6D76FEE8A01844E3B03D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172164Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.919{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Update-SessionEnvironment.ps1MD5=80B12F541572D640AC3477DFBD814AC7,SHA256=72F46B7EA47821CC7A51386690E73994E1F8A572CAD5F49F824F29C181ED5FA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172163Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.919{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.097.etlMD5=198F687A2EAE908E87E123058985EDE5,SHA256=B8AF6921BE2CFE72382422C04D20C348880E2E332EE32B516C92BE7465AF2B0A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172162Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.903{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\UnInstall-ChocolateyZipPackage.ps1MD5=2A9482F4391FBEA4D67FB6354B8583D0,SHA256=CDA69EAD0D2B19546273452EE6F535860BD38BA28A1F2DEDB25D44970A21D68F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172161Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.903{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\notepadplusplus.install\legal\VERIFICATION.txtMD5=C8704EFB60FD52029B172671A893DEB8,SHA256=AC06084AFEB6B6D521BEB3B153242203168838100C04ACA909999664FC810594,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172160Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.888{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\git.install\tools\helpers.ps1MD5=6CF4C0CF17B0B0B63A8116B12BC0931A,SHA256=8B3127D59EE591E812B4B1E52C01B6BB8D68011570E3A663CE5BF23EE82F4363,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172159Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.888{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.096.etlMD5=901F68AB4501D58C32D3D76A0A88C65C,SHA256=A3C6AD52A4675DE05743FC3AD5D0759A4E155A375529DFE42ABC399EBBEE3F18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172158Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.888{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.088.etlMD5=4E64667055CC0F6737E714925A3FF076,SHA256=A82FFCEDB68475BB43FDDC4CBFCA82AD1394F73CB58A0FCE66EB5FF1241834D6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172157Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.888{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\git.install\tools\Git-2.32.0-64-bit.exe.ignoreMD5=BEA07E6D2B8DCE396FE21BAA61B34956,SHA256=2E08D1F6000AEF541797D008C05AC36F4DBEBFB36CBAC5615788E6FCC5B300A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172156Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.872{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Start-ChocolateyProcessAsAdmin.ps1MD5=62F7B9792E1CC9E3A72FAB727A1E8550,SHA256=617386D4E72D3E733D6524F53D1B8844C6979FA3671CE4F9528F1CDEB1A19001,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172155Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.872{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\git.install\tools\chocolateyInstall.ps1MD5=5D4B24287AFDB09D2E89476A08415BD4,SHA256=7CBF0C55EE027CEF0F027CFEA5E6A5F7DC6840A575BBF8023872EB463BA02297,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000172154Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.857{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\git.install\tools\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:30.857 23542300x8000000000000000172153Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.857{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\git.install\tools\chocolateyBeforeModify.ps1MD5=06E010E8568FED9273445F4D3114F790,SHA256=52F1373B7B2FD4A35F37B4BDBAF2CAED47560B9E552691A4B6FA50EBCF460D76,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172152Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.857{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.095.etlMD5=A1A9F9E312D818B79B7B0C881825C061,SHA256=9F50756C3FEBCED99B84866F1ECD152444E92277BC71C060A525A7FEB8793CF2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172151Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.857{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.086.etlMD5=5AAC71ECB86986A83B1237AA09CC3AC9,SHA256=E0BEE2ECEC249443E3B6ABBB139FAAC4B5E1E880CC415231DACD023F440D8C14,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172150Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.857{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Set-PowerShellExitCode.ps1MD5=6E05A3402E8F93A066D454F641514456,SHA256=1DD7650BD0F1F753C6AD4793B0D02357B71E8304A8EC5019B5821823D64275A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172149Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.841{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateUx.003.etlMD5=D62FCBACF2B885F766AAD1D8CF632651,SHA256=A4A6BBF246440D497AC076C3CEA6F8DA7045E19F5165E3FE10EF457931A129F1,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000172148Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.841{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\notepadplusplus.install\legal\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:30.841 23542300x8000000000000000172147Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.841{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\notepadplusplus.install\legal\LICENSE.txtMD5=397AD6FD5743ECC1826ADD6EA0FB0AF4,SHA256=B2A74140769DC8BD34CB72BD2D177E58522E69427F39651B738011F244F835BD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172146Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.810{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.087.etlMD5=C40E2D4600F5ED958A0D027A784593DE,SHA256=0AC2AE969D45A9D510BF127E4FB20A7087C02B6882285911D0932167BC65A892,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172145Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.810{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\notepadplusplus.install\notepadplusplus.install.nuspecMD5=1BCEED5C13F8AD86F0D66A555714CA9D,SHA256=1A50DD8CCDECAACAFB9B8F22A686601DF00280FD994F312C4CB29DE11045530A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172144Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.810{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C48D9731A767C59363BA31CD544C8549,SHA256=909118988F3823264F04426664AE984B90D33BA6DEB95C3072FA856B494BAEE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172143Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.810{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.085.etlMD5=C13541717B360E74017EAD00944DAF0C,SHA256=BA7DC1392BF8593DBABED01B3D80E9943F07D7FCA80E82102307B260E5B0B1C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172142Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.810{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.078.etlMD5=734F3EA05E33614F675B04F9D4483105,SHA256=41640839E5A8D06181EE1C43C3246024D6AD8FDBA85F3CB7D42701418473C168,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172141Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.810{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Set-EnvironmentVariable.ps1MD5=8DC3E6EF3AF903A484D5B7FE5569B993,SHA256=E2E880F3CC79ACA23CF8D42BE131324422E19D2D4DEDDEC41DA93C31FDB310E1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172140Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.810{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.082.etlMD5=03B3A787C7872B7F8A4A23F89B66086E,SHA256=36D4D166931CB7BE421BBB87E7E1F947712ED7D268EE7C5E4AD1024B0F76E0D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172139Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.810{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\git.install\legal\VERIFICATION.txtMD5=FFCA2CD43726E2284783DAF002BB3B47,SHA256=5ED29F4BDE23837527B525743E002897D2CE863E69BC94A8136C797417AD59CA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172138Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.669{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A015-60D0-7D0F-00000000D001}5588C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172137Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.669{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A015-60D0-7D0F-00000000D001}5588C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172136Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.669{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A015-60D0-7D0F-00000000D001}5588C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172135Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.669{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A015-60D0-7E0F-00000000D001}5972C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172134Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.669{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A015-60D0-7E0F-00000000D001}5972C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172133Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.669{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A015-60D0-7E0F-00000000D001}5972C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172132Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.669{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A015-60D0-7E0F-00000000D001}5972C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 11241100x8000000000000000172131Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.575{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\notepadplusplus.install\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:30.575 23542300x8000000000000000172130Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.513{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.084.etlMD5=0C7FA3EF828D0B3C6E73AB0D19433138,SHA256=F76E79923C4B9C29EFAC2002B9553AFAF996E3A26C38746430F6A3D4350FD7BA,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000172129Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.513{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\notepadplusplus\tools\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:30.513 23542300x8000000000000000172128Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.513{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\notepadplusplus\tools\chocolateyInstall.ps1MD5=E681F355000DAF7C0D94E48772AF8A38,SHA256=13182BC30B6463503D6C8959EC9E40E692802B72327C64F3144F41E6B1ABE16C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172127Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.497{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\notepadplusplus\notepadplusplus.nuspecMD5=93EFCDD1148AFE2B7200EDA80E23C57C,SHA256=08538322BF334A48B9BB62BCD259C562635EC2954791A2BB65B70DF59DE8B1A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172126Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.497{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.077.etlMD5=9FA2B92C5E67C9E55F8D380D0DDDD92C,SHA256=13440654FA5CF9364AFE6C1C768433C665E889B7DC13387A3317D10AAE6175D5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172125Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.497{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.083.etlMD5=A9E86683F506F388C40D8BD0C87AB666,SHA256=A180D4EF940B859A285198509924026A96931FF3398DF877F4A95363BB0A25ED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172124Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.497{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.062.etlMD5=315960911A941E444CFD0CA64EB444DB,SHA256=CECD5B5A18F008EF1300815A8496523C25768DA5644B4ABDAC15BAB7B5B1B1B0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172123Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.497{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.081.etlMD5=BB7496D2288F18D74349484B1A8241E1,SHA256=3C43A1EEAC69E2C07FE8F17CA44EFC4940AA1E851387B195C8E7A232B2798655,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172122Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.482{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Install-Vsix.ps1MD5=147FA8E84BFF45B1E53826EF64A4D51A,SHA256=9DB2EA3BFF4AA641C1DF19D03106130A8F04BDA11FF4C810332E7D02B488C5FC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000172121Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.482{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\git.install\legal\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:30.482 23542300x8000000000000000172120Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.482{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\git.install\legal\LICENSE.txtMD5=147AC7E5E6DAA60704C926873D2C066D,SHA256=454649DDC02B5CC098513CEA28DB6592B45AC0A906386287C4D48CF8DBDE651C,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000172119Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.466{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\notepadplusplus\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:30.466 23542300x8000000000000000172118Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.466{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\notepadplusplus\notepadplusplus.nupkgMD5=8D7055C34AEA92F6CCEBDD13B7C252A4,SHA256=933164F6DEE2251308AF60D7CB95A12CEE17583F42C86ABDD9DA6500A0406700,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172117Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.466{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.076.etlMD5=644D3188A69F22FC8D6C8CC34538A6EC,SHA256=696F498AFE380087843A7BF233AAE6F44F4F6C65BCF323320443776FADC9832B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172116Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.466{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.061.etlMD5=AB0E482495493696B59D59E83581DBCF,SHA256=0F64956A09DD4902E20C8FAD410DFA3C199D02FAF96BFD46C5F92F9DD559AE2F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172115Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.466{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.074.etlMD5=F173244ED65DDCC8B147A26B47735A06,SHA256=9281BE26179AA1F7504B303E8E076FE8F1F8F2985927CDB714134BB5908D130C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172114Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.466{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.080.etlMD5=39ED58E20718BB16644E937C23781D77,SHA256=572611C23DFBA6F0A51BC7EDDA57191B511AFD5278235E51C3CB851F79ABA53C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172113Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.450{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyZipPackage.ps1MD5=51CE06F83C24998FE5140432D9D27E96,SHA256=282E1E4AE6A8C2826C5202CCE4499CF54033AE063D3E88E1089B4B214910D5D9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172112Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.450{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\git.install\git.install.nuspecMD5=9C52920C51AD6E01A3FFACFD2C254813,SHA256=32706FCB1E7F6A85097E6B574A9B8F7AF0B77432BD3E913DFD0BE6F7818EE5DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172111Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.435{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.075.etlMD5=542C5AA3AA931A1F92BAB46E9AE49F4C,SHA256=27AEBAB4C71542098B7CE288BB96B4A45A3D93701EC13948F112EDD07B65CA39,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172110Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.435{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.060.etlMD5=B18F9D3C70EA2445D5FEF1E8B7A0B3D8,SHA256=51F74E88AE1C14082797D85F5A545E6DB1DBCC4D924B3CCB92B16E5A4947E5AF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172109Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.419{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.073.etlMD5=4044B0E7486757380CAF5D03F3ECE0AD,SHA256=4CB315B29B525B41F425CF7FDC1B4C9DD43495D3C2D7BF3A31719ED7BFB5A500,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172108Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.419{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\Firefox\tools\LanguageChecksums.csvMD5=A1BD3B9D97639B06D920CD09D74C0678,SHA256=D1544CEF22D933F736569E7405795D763CF331DD59E132A92A3F1D1D8DDBC08F,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000172107Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.419{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\git.install\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:30.419 23542300x8000000000000000172106Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.419{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.079.etlMD5=6C60C1DB37ED97B2FC31D8F3FF48CA84,SHA256=6E241DFA8CC84860080B37FCCC8F35AF034052F09420444B84873FDD36AC5398,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172105Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.419{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x121411C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\rstrtmgr.DLL+1d7ea|C:\Windows\System32\rstrtmgr.DLL+1b628|C:\Windows\System32\rstrtmgr.DLL+1bff7|C:\Windows\System32\rstrtmgr.DLL+93d8|C:\Windows\System32\rstrtmgr.DLL+888f|C:\Windows\System32\rstrtmgr.DLL+42cb|UNKNOWN(00007FFDBEE437A6) 10341000x8000000000000000172104Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.403{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E0D) 10341000x8000000000000000172103Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.403{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388688C:\Windows\System32\cscript.exe{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+381e70|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2fa12e|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f956f|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f94a6|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2f8620|UNKNOWN(00007FFDBEE42E00) 23542300x8000000000000000172102Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.403{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyVsixPackage.ps1MD5=693801C0521EE669DF449BCA639B4FFE,SHA256=AD2B4CC107F6136002B54B3A24B7A4AC833F237E4E34D13320403A70F442763F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172101Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.388{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\Firefox\tools\helpers.ps1MD5=EBE927EC86AE72F0B5C373CEEC4B7843,SHA256=6E3EC5A59FA0DA3400DF3BFE9F11EC4365B39960D00D3344D4CCA8122EBC9A3C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172100Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.372{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.066.etlMD5=C628C6DEEB807FD7B874F64A0B2D58AE,SHA256=FE4478831279CE5FD5B07BD33EE0ED9C680A91952B0BCE785F42F025A4A8F4DA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172099Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.372{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyShortcut.ps1MD5=037D27FD7B061858F9A8435FF3A1DF57,SHA256=4875C51E4267748111DF463A72979A2EDE9E52797686C184B5475DF10CF00A2B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172098Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.372{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.070.etlMD5=2AE54D7F113C53BA78BA3E868B53E740,SHA256=A67A201E3BAC47A2C20330E19295636AFC908759675D4F38B43A959B6E0470A7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172097Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.372{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=D9D128C205B3F32CA3ECEAF7B37BAADF,SHA256=D68CB1FF179A9327EB145FCAC589125CC30079322C1367360F402BCF3746DC21,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172096Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.372{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.059.etlMD5=DB4869690D39B95612CC29D34C173FBE,SHA256=42BB2D07B6F6D776346591E897AD1665DD1B089A6995E0662FDA78557F309121,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172095Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.372{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.072.etlMD5=63DF89E5FF9BD9C0E3ECCC4760C208F0,SHA256=76D5E84EFE7FAE5BA9B8E0987C0EC22E1BCA2EF765456361428219433AB9972C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172094Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.357{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\Firefox\tools\chocolateyUninstall.ps1MD5=3B18166A8B26ACBA217BC72C55274198,SHA256=2158EF0DF7BE03A34EF5569E6EE9F9EBBD83826CFD3DD89C0424B089548975FA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172093Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.341{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.069.etlMD5=72C67C4003905FA6828C479B81545B7D,SHA256=20C7EB73A8BBE943FF126D760546EF009562C53002FED4DA11A0378AD3975EFD,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000172092Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.341{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\Firefox\tools\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:30.341 23542300x8000000000000000172091Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.341{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\Firefox\tools\chocolateyInstall.ps1MD5=70C2F31604A90C4E1617B75BFD6EA8D1,SHA256=B3BE8E04F99B03716EC25973AD7164843F5E251B6B4C23C63A4F00B60CED2C33,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172090Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.341{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyPowershellCommand.ps1MD5=0C4E0D51999F46BE480DFF5C66E60121,SHA256=EEF7C6BD0AADD4B32079E6FFFFD41DDCCE215D2A79A9AACE8C9B07311661FE2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172089Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.341{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.065.etlMD5=1E5BEAB39B94B163B0FEEEB824D518B0,SHA256=59B66937389C0B471A907B348DBB9BD4117A56626F57F22CA5EAB459EF901902,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172088Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.325{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.058.etlMD5=34E30F437D08F21B21617FA86EBFC0EC,SHA256=BA76A391681D54871EA71C95CC641C0E1E2BFF2492BEF79474A98DDCF5F670DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172087Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.325{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\git\git.nuspecMD5=25444F2AB3AEEA63A7F1906FEAC8288C,SHA256=42DC3BA9CE1AC2FDC166C337CE55894A86848E60736A6B41EC8E8824D3DA4458,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172086Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.325{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.071.etlMD5=C33E12E5A3657245F222F2BABD770EEE,SHA256=080D82BB9D27F2156D95182714B8B342CD2BB99A37066C3B78704A4F51524A7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172085Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.310{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.068.etlMD5=D00175CF18EA0EE9F3D0E595DE6C6533,SHA256=333364D0836B82530B57CD863BAB856B2894B1E49326D9C1F7ABC55E970B88DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172084Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.294{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.057.etlMD5=B2BCE9C825E4EFEBB37560B4B8CD70F6,SHA256=3ECA25F93E32E085F805EA0FCBE41C5221FBE7698DCCD71D5780CBC5958DB255,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172083Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.294{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyPinnedTaskBarItem.ps1MD5=C0016DBBE321F6E5DA9E9C89845AE1FB,SHA256=F009F9B9F702AE05301F4229DA3449EE9EFF15386D0DBE0A9EEDEF3C77B5AAC1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172082Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.294{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.064.etlMD5=051D6B87EA43862728E5757B0636F209,SHA256=0D601745220855F9D8966F906F8AA306630E61C8ADD3186CDA870E08DF1134FC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172081Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.294{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.067.etlMD5=B0D245F8099C89F2EB247D51B5798688,SHA256=8F49D03D58BC6D8D9C8C0137DB32E8879FFDC7D281CE4CD29FFAC62EF1291D18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172080Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.294{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D02C58F7031B1BA9A0DA7E9721E023AE,SHA256=30701F03D3FC8B2924E6DE87CBA2D520EC3690FC1C64E659B9DFA9AE37608E6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172079Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.279{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\Firefox\Firefox.nuspecMD5=8803718EED6577886DDE5EABB29CF637,SHA256=DC0AD6F3E90900F6A9BCB66710C88A4EE5FBD016893FF5506DB7392AEF7AEE53,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000172078Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.247{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\git\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:30.247 23542300x8000000000000000172077Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.247{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\git\git.nupkgMD5=BA0A20D1269604CD2134A978431A0CE0,SHA256=4AE71AA87077A2C09656CD224E1C7DD6929C92615C7F9B1311A3C5096A658EED,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172076Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.247{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.054.etlMD5=7A03DD7D4CABB6D6A6DBF74EEB10955C,SHA256=63B7437ECEA7FD228CBF5FA81A007A33D97013532812CD69963592354AFD0BF7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172075Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.247{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.063.etlMD5=3FD69535E2B7A80CC673A1DC7C17DB7F,SHA256=D1CD358A4570AADEB8B0CECC27D4BAE348E39588B28EDC050C27D646690234E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172074Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.247{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.056.etlMD5=DECB03A846A57F2E78B881D302CAF529,SHA256=5EF39CC41538FADD0563251BB745BFEA353C318711299AAC4BEC9BB6C80FD2D2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172073Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.247{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyPath.ps1MD5=C075ECB0AE1490DBE8DD6D895EFB0E73,SHA256=52A5911B730F21CBCBBED2E52A1784B6F1F2F4D840D1A969DAFBEE8B89E8BE18,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172072Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.247{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.044.etlMD5=415A91EB726EF16D3EEFBA4255218500,SHA256=1C5FCEF84B86C52F727FD4DBBAAA083507219AB4FCC66E6D8EAD1FAED696B5EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172071Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.232{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.053.etlMD5=75008D361FBC77C22DD4FB3B49AECE64,SHA256=5082A7D518690E73FC24CA7ED7E8A625E3C3BC8E778E05CF4F24B2AE386F7337,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172070Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.216{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.052.etlMD5=F5BEB1808EEFB6E32F65538282639EA0,SHA256=EF14BA5D77A341BB11D06A8CE260BF11AFFA1DBBE1EAC44DE319D10268FF34BF,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000172069Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.216{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\Firefox\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:30.216 23542300x8000000000000000172068Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.216{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\Firefox\Firefox.nupkgMD5=5D746F09D8E845580D0774051A1706CF,SHA256=853317ABC1C2FEF3DAAF1F51C39A71F15EED854AA486E2D5F94359D7D88F3A2E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172067Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.200{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Remove-Process.ps1MD5=CFDFB899BE8491454B264BF7C5EF08BA,SHA256=090B1A55DF7DD64AC0A9B1BE90E41ECD6D70C7DD6EFE56493403372F55C06C67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172066Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.200{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyPackage.ps1MD5=42B8C8CB9F6A184EECF6A63589DE307E,SHA256=9031740A041614E8F56C257D8CD31BB9C16389744C58DF84F8FA42BC4939E35C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172065Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.200{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.055.etlMD5=C2AA616A666CBF3CB2DAD5165D1671DD,SHA256=DE29AA1CBD23A3F3F116E8CA60E423499F4E1FAC6DE244FB54505EA590B98ACE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172064Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.200{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.043.etlMD5=50B0CDFB7D9A48F729FCC1326891BE47,SHA256=508FCDBFF21629A8BD665E78CF7B24198B7BC0B3EB97C58B7F7E36B403918C7A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172063Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.200{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.048.etlMD5=970E7B5CA1A4752BE232EA7ACDC04532,SHA256=BD95CE89252F1039959FD2D04BC421CB9DEDF1BB8AFCF728DBBEFD3B5D1C659A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172062Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.169{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.051.etlMD5=6952269AE051D3E819E006878347FFFA,SHA256=E924EE28A93C988CD6789A89A12CC03E813760B0C4351CEB1AF3890218AA467B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172061Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.169{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Register-Application.ps1MD5=D2853E569DAC9A341642BA76EC4FB411,SHA256=A7E432146B2195A79875B6AC1AD82EDDF40EFEC79122EE41A68C68577E5D03EC,IMPHASH=00000000000000000000000000000000falsetrue 11241100x8000000000000000172060Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.153{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\chocolatey\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:30.153 23542300x8000000000000000172059Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.153{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\chocolatey\chocolatey.nupkgMD5=193D9A6E05699976F6E3D8DCAA0EEFDF,SHA256=225D900E75687EC64EE65BF6CBBDEBB7F19D43CCF947413D3D3C362FFA515CA1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172058Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.153{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.027.etlMD5=154AE414ACFAA1EAAB5859F511349BC8,SHA256=B1B21E0296223A5DF95449C74AE27C25CA7E39FCD1D66E9A376809D9395225F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172057Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.153{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.050.etlMD5=96519F2B4D5628F7D7EDB9A3661BB52C,SHA256=D07EBAD7811430821F36D991A31EF32F6A287B09D06731389AD1DCF6EEE1FC8B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172056Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.138{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyInstallPackage.ps1MD5=E8D4D82A4EAC6E411EA5E895FC3C3949,SHA256=B7441F7348DE121319FE727E7020DE55304A0622B576B0E6E664910BDAC26D1B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172055Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.138{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.047.etlMD5=D8D807CABDB43F88154D766C8CDA7F88,SHA256=98CF4CEB1494DE72B09EAF1530BFA7DDC535BCEF101BB91661A0B942F5D956E8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172054Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.122{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-WebContent.ps1MD5=57D013E581EFEA3D4D8366183C9A5797,SHA256=8EB487D51E3879F21035828878E463438A15032B1DEB4018B3583EF60A92AFBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172053Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.122{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.042.etlMD5=0FF80F02C40D8D5635C2D875DDDA0CC7,SHA256=70D37A80B6BC7B05A4BE7E6BB70941D8EA97D6785B2D56DC166B8D55C95B2BF5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172052Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.107{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.046.etlMD5=6B13A5A5AA6DF7E4F1AEE1975778B69D,SHA256=B188C0447488B2A7835FCBFC90594F645847D4948B0BB638B069468504F317B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172051Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.107{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.049.etlMD5=714D74225F232B260F86F41F734ED822,SHA256=018CBC31C4E4DDC2E4032B60F2DCEEA25B6747B9BC20B6338336392888B6C382,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172050Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.107{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyFileAssociation.ps1MD5=64E4154CF3EDB90F852902E2E332F18B,SHA256=0C5E508D5C6960CD1BDC37F0231C570941699E9030CA3DAE94EAF94BCCD098BE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172049Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.107{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-UninstallRegistryKey.ps1MD5=3FAA5C11AAFC4EA35BB98EA797446C97,SHA256=748E1ABD1581C5C7360CC88C7A8C3BDCE13626C2D537484CBB3C529F0F8D49DD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172048Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.091{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.026.etlMD5=317F31BE68C2C6688B9DCB84E6EA0169,SHA256=27957330F6F6E78489A2F08CB1FF088E87AB0858C8A4C04CC9CD658160CB1BF6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172047Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.060{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.045.etlMD5=6D78CFF6C0137708659AA862363F55B5,SHA256=EDD51998D6BA9DCCB90007FFDA69552A71CEE62B2FB5B22EA74CCD82977B3D7C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172046Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.060{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyExplorerMenuItem.ps1MD5=9AA52F2AABE155492BBF93D5E345B49C,SHA256=FED4D5EA487734DAA2636A4BE518A339501C7CD69E3F4DD3D1A64206B8F3AE00,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172045Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.060{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.041.etlMD5=0179A13568FCB49882B9CF389278D688,SHA256=2775ADC063DF736673F17330826CC3F512CA4070669EA0A49A444E15088D9947,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172044Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.060{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-PackageParameters.ps1MD5=C08B3AF8CA150B6609DF2B978B693269,SHA256=B5D464AB38A665FDF2E4A532C00B0470F69DDB6D68ED3121FE1091FBFDDEDCE0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172043Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.060{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.040.etlMD5=719D02E68E24B8560D7DCAD19879E608,SHA256=6ED28DD823473A17BC849FE74DC37C98FDE828EF06DA840FE5073FB1E64C81D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172042Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.044{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.025.etlMD5=68A971723E8F5F91FED97A4BAE95A1C7,SHA256=B11DB130017D476383E01B69BEF226E6D1ACB24648FABAF2257ECA5EF6E2B005,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172041Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.013{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.036.etlMD5=24A38334E20AF1BCF21538AEF69017C6,SHA256=434A92FCA5D3696501F81C26258089EB615F9F08BEF61405D25E21B43EF5BCDF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172040Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.013{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Install-ChocolateyEnvironmentVariable.ps1MD5=39F32C50403ACE662FA7C2D2BCFB1588,SHA256=9C99D26910E8CEA4E53F879F83CB107B813C64F004C80E967041352311631F50,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172039Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.013{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\lib\chocolatey-core.extension\extensions\Get-PackageCacheLocation.ps1MD5=77A378E5C659E5A53D2D64E276159B62,SHA256=409DAED00ECE17BACE5809F95A642455956DE49DB602873800149C2A53579F95,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172038Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.013{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.038.etlMD5=A72D6EEF045DA18B235D41D24B29C2D5,SHA256=53EB6F18EDD2B272ECD3427F0E0D3CA2EB658ED674F8E43D069E49F91156B512,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172037Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.013{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.039.etlMD5=78163400EFD21E4C244982E50B445F37,SHA256=492C4D0968E81B8D8EAFD1D48FA675ADE59B2C972CA938776A676D6C23BEB1BB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172036Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.013{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.024.etlMD5=309B52FDC9AAD004F98C5E9F2C6543BB,SHA256=D6B198592F1399EB0477EE7B4EC0680CABD61CC0E7F2F1B57391728DCBB211E2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172322Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.935{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44A329E183BFF125AC8735F1E4CB2072,SHA256=BAE3BE2C12FDC62471AAB85A50156D4E946B47B218E3763FAE96645340858B81,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172321Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.903{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=50B9DF7579626F31D8BCCE64A4BD003D,SHA256=740F3BDF4415EEED99EFEA9E4AD2777F629B3521A5D2C953D6C086A4482057FB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172320Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.888{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=331BE5736E05AE8593A1761139C50E36,SHA256=E85638F7ACB47288D75D87F95887ABB6ABE1B5CE959C9F8DB464A9442D8C7D32,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172319Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.872{D8DCB3A2-45EA-60D0-9800-00000000D001}43922664C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fc6e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172318Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.857{D8DCB3A2-45EA-60D0-9800-00000000D001}43922664C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3fbe5|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172317Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.825{D8DCB3A2-45EA-60D0-9800-00000000D001}43922664C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3f049|C:\Windows\System32\modernexecserver.dll+3fd2f|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172316Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.825{D8DCB3A2-45EA-60D0-9800-00000000D001}43922664C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f6a2|C:\Windows\System32\modernexecserver.dll+3fd1e|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172315Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.825{D8DCB3A2-45EA-60D0-9800-00000000D001}43922664C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fd0b|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172314Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.825{D8DCB3A2-45EA-60D0-9800-00000000D001}43922664C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3fdee|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172313Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.825{D8DCB3A2-45EA-60D0-9800-00000000D001}43925104C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f400|C:\Windows\System32\modernexecserver.dll+47a8c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000172312Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.825{D8DCB3A2-45EA-60D0-9800-00000000D001}43925104C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+478ab|C:\Windows\System32\modernexecserver.dll+476e0|C:\Windows\System32\modernexecserver.dll+4763b|C:\Windows\System32\modernexecserver.dll+3985d|C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll+1781|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000172311Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.825{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564228C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172310Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.825{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564228C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172309Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.778{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172308Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.778{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172307Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.778{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172306Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.778{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172305Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.778{D8DCB3A2-45EA-60D0-9A00-00000000D001}44404700C:\Windows\system32\taskhostw.exe{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\MSCTF.dll+af11|C:\Windows\System32\MSCTF.dll+b489|C:\Windows\System32\MSCTF.dll+be73|C:\Windows\System32\MSCTF.dll+3d832|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172304Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.763{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563192C:\Windows\Explorer.EXE{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172303Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.763{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563192C:\Windows\Explorer.EXE{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172302Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.763{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563192C:\Windows\Explorer.EXE{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+1e03a|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172301Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.763{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563192C:\Windows\Explorer.EXE{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\Explorer.EXE+1f054|C:\Windows\Explorer.EXE+1f000|C:\Windows\Explorer.EXE+1dfec|C:\Windows\Explorer.EXE+1e249|C:\Windows\Explorer.EXE+1df79|C:\Windows\Explorer.EXE+3c407|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172300Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.763{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172299Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.763{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172298Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.763{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172297Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.763{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172296Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.763{D8DCB3A2-45EA-60D0-9700-00000000D001}43083816C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 10341000x8000000000000000172295Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.763{D8DCB3A2-45EA-60D0-9700-00000000D001}43082720C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 10341000x8000000000000000172294Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.763{D8DCB3A2-45EA-60D0-9700-00000000D001}43084296C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\shcore.dll+35576|C:\Windows\System32\shcore.dll+201ef|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 10341000x8000000000000000172293Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.763{D8DCB3A2-45EA-60D0-9700-00000000D001}43085384C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+2a448d|C:\Windows\System32\windows.storage.dll+74783|C:\Windows\System32\windows.storage.dll+747fa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x8000000000000000172292Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.763{D8DCB3A2-45EA-60D0-9700-00000000D001}43085384C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+2ca5c2|C:\Windows\System32\windows.storage.dll+cb155|C:\Windows\System32\windows.storage.dll+74066|C:\Windows\System32\windows.storage.dll+2a43ef|C:\Windows\System32\windows.storage.dll+74783|C:\Windows\System32\windows.storage.dll+747fa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336 10341000x8000000000000000172291Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.763{D8DCB3A2-45EA-60D0-9700-00000000D001}43085384C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+2a448d|C:\Windows\System32\windows.storage.dll+74783|C:\Windows\System32\windows.storage.dll+747fa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x8000000000000000172290Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.763{D8DCB3A2-45EA-60D0-9700-00000000D001}43085384C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+2ca5c2|C:\Windows\System32\windows.storage.dll+cb155|C:\Windows\System32\windows.storage.dll+74066|C:\Windows\System32\windows.storage.dll+2a43ef|C:\Windows\System32\windows.storage.dll+74783|C:\Windows\System32\windows.storage.dll+747fa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336 10341000x8000000000000000172289Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.763{D8DCB3A2-45EA-60D0-9700-00000000D001}43085384C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+2a448d|C:\Windows\System32\windows.storage.dll+74783|C:\Windows\System32\windows.storage.dll+747fa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x8000000000000000172288Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.763{D8DCB3A2-45EA-60D0-9700-00000000D001}43085384C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+2ca5c2|C:\Windows\System32\windows.storage.dll+cb155|C:\Windows\System32\windows.storage.dll+74066|C:\Windows\System32\windows.storage.dll+2a43ef|C:\Windows\System32\windows.storage.dll+74783|C:\Windows\System32\windows.storage.dll+747fa|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336 10341000x8000000000000000172287Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.763{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+5126|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172286Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.732{D8DCB3A2-4534-60D0-1600-00000000D001}13041944C:\Windows\system32\svchost.exe{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+235b|c:\windows\system32\themeservice.dll+1ed0|c:\windows\system32\themeservice.dll+2006|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172285Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.732{D8DCB3A2-4534-60D0-1600-00000000D001}13041328C:\Windows\system32\svchost.exe{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|c:\windows\system32\themeservice.dll+144a|c:\windows\system32\themeservice.dll+4175|c:\windows\system32\themeservice.dll+3379|c:\windows\system32\themeservice.dll+31a3|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000172284Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.732{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\CachedFiles\CachedImage_1920_1200_POS4.jpgMD5=5F621264AAC131F5EE4978ACEB696B55,SHA256=5EC412C0CAB2DE5CDE585FFC5FEC76C670306DFBF6AEBCFC726D3B34505D6B24,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172283Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.716{D8DCB3A2-45EA-60D0-9700-00000000D001}43085384C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+c6b73|C:\Windows\System32\windows.storage.dll+c62e1|C:\Windows\System32\windows.storage.dll+c61f5|C:\Windows\System32\windows.storage.dll+c618e|C:\Windows\System32\windows.storage.dll+11c559|C:\Windows\System32\windows.storage.dll+61096|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336 10341000x8000000000000000172282Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.716{D8DCB3A2-45EA-60D0-9700-00000000D001}43085384C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+c94c3|C:\Windows\System32\windows.storage.dll+11c3d0|C:\Windows\System32\windows.storage.dll+11c327|C:\Windows\System32\windows.storage.dll+11c4f7|C:\Windows\System32\windows.storage.dll+61096|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea 10341000x8000000000000000172281Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.716{D8DCB3A2-45EA-60D0-9700-00000000D001}43085384C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+cb257|C:\Windows\System32\windows.storage.dll+61155|C:\Windows\System32\windows.storage.dll+61078|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x8000000000000000172280Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.716{D8DCB3A2-45EA-60D0-9700-00000000D001}43085384C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+61129|C:\Windows\System32\windows.storage.dll+61078|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.storage.dll+cc60c 10341000x8000000000000000172279Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.716{D8DCB3A2-45EA-60D0-9700-00000000D001}43085384C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+c6b73|C:\Windows\System32\windows.storage.dll+c62e1|C:\Windows\System32\windows.storage.dll+c61f5|C:\Windows\System32\windows.storage.dll+c618e|C:\Windows\System32\windows.storage.dll+11c559|C:\Windows\System32\windows.storage.dll+61096|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336 10341000x8000000000000000172278Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.716{D8DCB3A2-45EA-60D0-9700-00000000D001}43085384C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+c94c3|C:\Windows\System32\windows.storage.dll+11c3d0|C:\Windows\System32\windows.storage.dll+11c327|C:\Windows\System32\windows.storage.dll+11c4f7|C:\Windows\System32\windows.storage.dll+61096|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea 10341000x8000000000000000172277Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.716{D8DCB3A2-45EA-60D0-9700-00000000D001}43085384C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+cb257|C:\Windows\System32\windows.storage.dll+61155|C:\Windows\System32\windows.storage.dll+61078|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x8000000000000000172276Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.716{D8DCB3A2-45EA-60D0-9700-00000000D001}43085384C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+61129|C:\Windows\System32\windows.storage.dll+61078|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+618c3|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.storage.dll+cc60c 10341000x8000000000000000172275Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.716{D8DCB3A2-45EA-60D0-9700-00000000D001}43085384C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+c6b73|C:\Windows\System32\windows.storage.dll+c62e1|C:\Windows\System32\windows.storage.dll+c61f5|C:\Windows\System32\windows.storage.dll+c618e|C:\Windows\System32\windows.storage.dll+11c559|C:\Windows\System32\windows.storage.dll+61096|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336 10341000x8000000000000000172274Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.716{D8DCB3A2-45EA-60D0-9700-00000000D001}43085384C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+c94c3|C:\Windows\System32\windows.storage.dll+11c3d0|C:\Windows\System32\windows.storage.dll+11c327|C:\Windows\System32\windows.storage.dll+11c4f7|C:\Windows\System32\windows.storage.dll+61096|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea 10341000x8000000000000000172273Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.716{D8DCB3A2-45EA-60D0-9700-00000000D001}43085384C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+cb257|C:\Windows\System32\windows.storage.dll+61155|C:\Windows\System32\windows.storage.dll+61078|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c 10341000x8000000000000000172272Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.716{D8DCB3A2-45EA-60D0-9700-00000000D001}43085384C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+61129|C:\Windows\System32\windows.storage.dll+61078|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+3d38b|C:\Windows\System32\combase.dll+3e7b2|C:\Windows\System32\combase.dll+63ae3|C:\Windows\System32\combase.dll+3e8cd|C:\Windows\System32\combase.dll+61e6f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.storage.dll+cc60c 10341000x8000000000000000172271Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.716{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565348C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172270Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.716{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565348C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172269Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.716{D8DCB3A2-45EA-60D0-9700-00000000D001}43085212C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+9f408|C:\Windows\System32\windows.storage.dll+1a2b29|C:\Windows\System32\windows.storage.dll+1a2985|C:\Windows\System32\windows.storage.dll+a0166|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x8000000000000000172268Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.716{D8DCB3A2-45EA-60D0-9700-00000000D001}43085908C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+9f408|C:\Windows\System32\windows.storage.dll+1a2b29|C:\Windows\System32\windows.storage.dll+1a2985|C:\Windows\System32\windows.storage.dll+a0166|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 10341000x8000000000000000172267Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.716{D8DCB3A2-45EA-60D0-9700-00000000D001}43084296C:\Windows\System32\RuntimeBroker.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|C:\Windows\System32\windows.storage.dll+9f28d|C:\Windows\System32\windows.storage.dll+9f408|C:\Windows\System32\windows.storage.dll+1a2b29|C:\Windows\System32\windows.storage.dll+1a2985|C:\Windows\System32\windows.storage.dll+a0166|C:\Windows\System32\combase.dll+aeb5a|C:\Windows\System32\combase.dll+a592d|C:\Windows\System32\RuntimeBroker.exe+12d1|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27cf|C:\Windows\System32\combase.dll+65213|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde 13241300x8000000000000000172266Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.localT1060,RunKeySetValue2021-06-21 14:31:31.716{D8DCB3A2-A28E-60D0-4810-00000000D001}5432C:\Windows\System32\WScript.exeHKU\S-1-5-21-792582155-850038707-153534265-500\SOFTWARE\Microsoft\Windows Script\Settings\AmsiEnableDWORD (0x00000001) 10341000x8000000000000000172265Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.700{D8DCB3A2-4533-60D0-0C00-00000000D001}8285624C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172264Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.700{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565348C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172263Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.700{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565348C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172262Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.700{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565348C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172261Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.700{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565348C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172260Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.700{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564952C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000172259Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.700{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564952C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000172258Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.700{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564952C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+ace56|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172257Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.700{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564952C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1b24a|C:\Windows\System32\TwinUI.dll+ace56|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+c6ae|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172256Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.700{D8DCB3A2-4532-60D0-0B00-00000000D001}624700C:\Windows\system32\lsass.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1478C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\lsasrv.dll+24c07|C:\Windows\system32\lsasrv.dll+25d4d|C:\Windows\system32\lsasrv.dll+24a85|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172255Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.700{D8DCB3A2-4532-60D0-0B00-00000000D001}624700C:\Windows\system32\lsass.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\system32\lsasrv.dll+249cd|C:\Windows\SYSTEM32\SspiSrv.dll+11a2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172254Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0C00-00000000D001}8285624C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172253Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172252Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0C00-00000000D001}8285624C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172251Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0C00-00000000D001}8285624C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172250Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565348C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172249Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565348C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172248Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565348C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172247Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-45EA-60D0-9F00-00000000D001}48565348C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+109146|C:\Windows\System32\TwinUI.dll+82a97|C:\Windows\System32\TwinUI.dll+beade|C:\Windows\System32\TwinUI.dll+beaa9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172246Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172245Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0D00-00000000D001}8965444C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172244Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0D00-00000000D001}8965444C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172243Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0D00-00000000D001}8965444C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172242Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0D00-00000000D001}8965444C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172241Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0D00-00000000D001}8965444C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172240Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0D00-00000000D001}8965444C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172239Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0D00-00000000D001}8965444C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172238Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0D00-00000000D001}8965444C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172237Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0D00-00000000D001}8965444C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172236Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0D00-00000000D001}8965444C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172235Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0D00-00000000D001}8965444C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172234Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0D00-00000000D001}8965444C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172233Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0D00-00000000D001}8965444C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172232Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0D00-00000000D001}8965444C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+1514|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+22b4b|C:\Windows\System32\RPCRT4.dll+653fa|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172231Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a384|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172230Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172229Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172228Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172227Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000172226Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000172225Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000172224Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172223Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172222Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-45E8-60D0-8F00-00000000D001}3004768C:\Windows\system32\csrss.exe{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172221Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172220Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172219Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.685{D8DCB3A2-A28F-60D0-4C10-00000000D001}53885436C:\Windows\System32\cscript.exe{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Windows\System32\windows.storage.dll+9070f|C:\Windows\System32\windows.storage.dll+90385|C:\Windows\System32\windows.storage.dll+8fe76|C:\Windows\System32\windows.storage.dll+912e8|C:\Windows\System32\windows.storage.dll+8fc9e|C:\Windows\System32\windows.storage.dll+92ab5|C:\Windows\System32\windows.storage.dll+92e34|C:\Windows\System32\windows.storage.dll+92470|C:\Windows\System32\SHELL32.dll+3cdcf|C:\Windows\System32\SHELL32.dll+3cc5c|C:\Windows\System32\SHELL32.dll+3c9ac|C:\Windows\System32\SHELL32.dll+122467|C:\Windows\System32\SHELL32.dll+1223c5|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+38b30c|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2d41f2|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+af11c7|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c0449|C:\Windows\assembly\NativeImages_v4.0.30319_64\System\cc732d30e6f14d29889113ae06e2408d\System.ni.dll+2c01b0|UNKNOWN(00007FFDBEE3EB48) 154100x8000000000000000172218Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.680{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe10.0.14393.4169 (rs1_release.210107-1130)NotepadMicrosoft® Windows® Operating SystemMicrosoft CorporationNOTEPAD.EXE"C:\Windows\System32\notepad.exe" C:\Users\Administrator\Desktop\HOW_TO_RESTORE_MY_FILES.txtC:\Temp\ATTACKRANGE\Administrator{D8DCB3A2-45E9-60D0-9F38-090000000000}0x9389f2HighMD5=BA78FCF8CA9D806C6C047357E31748DE,SHA256=34A07759492E31AEC2A009505FE8DFB50242375C4308AD4657B2872F4F75A077,IMPHASH=968239BE2020F1C0DAFFDCDBD49E9C82{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe"C:\Windows\System32\cscript.exe" -e:{F414C262-6AC0-11CF-B6D1-00AA00BBBB58} C:\Temp\dasdasd.js 23542300x8000000000000000172217Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.669{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaperMD5=9DE37DBC896CC810D359E534549B7A4B,SHA256=0DF5EE3285BD5F85D2BB0DCAEECE58211C3C601B54076E7F4BA1E5AFADF9CD27,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172216Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.669{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172215Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.669{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172214Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.669{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172213Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.669{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172212Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.669{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172211Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.669{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172210Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.669{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172209Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.669{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172208Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.653{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172207Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.653{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172206Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.653{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172205Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.653{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172204Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.653{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172203Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.653{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000172202Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.653{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000014.dbMD5=B971415C222AD3E3F0912E7CB7686F6C,SHA256=EDFED6501A3485DE87553D0992C89A1B246B773A025DF92DE770FCADD6815F5B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172201Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.638{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172200Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.638{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172199Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.638{D8DCB3A2-4534-60D0-1000-00000000D001}4121560C:\Windows\system32\svchost.exe{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x40C:\Windows\SYSTEM32\ntdll.dll+a6cc4|c:\windows\system32\fntcache.dll+17acf|c:\windows\system32\fntcache.dll+1a697|c:\windows\system32\fntcache.dll+1aacc|c:\windows\system32\fntcache.dll+5034e|c:\windows\system32\fntcache.dll+50052|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172198Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.622{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172197Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.622{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+489d|C:\Windows\SYSTEM32\psmserviceexthost.dll+1a2ed|C:\Windows\SYSTEM32\psmserviceexthost.dll+11055|C:\Windows\SYSTEM32\psmserviceexthost.dll+108cf|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172196Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.622{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000172195Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.622{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c526|C:\Windows\SYSTEM32\resourcepolicyserver.dll+11927|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000172194Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.622{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172193Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.622{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172192Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.622{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172191Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.622{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+e9d6|c:\windows\system32\lsm.dll+d3ae|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172190Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.591{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564908C:\Windows\Explorer.EXE{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+5cf54|C:\Windows\Explorer.EXE+5c591|C:\Windows\Explorer.EXE+5a5a3|C:\Windows\Explorer.EXE+5983c|C:\Windows\Explorer.EXE+56de3|C:\Windows\Explorer.EXE+4bb4d|C:\Windows\Explorer.EXE+49f72|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+28e4e|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF803B205B8C8)|UNKNOWN(FFFF804DE070E50F)|UNKNOWN(FFFF804DE06B4C72)|UNKNOWN(FFFF804DE06AF271)|UNKNOWN(FFFF804DE06B0C3A)|UNKNOWN(FFFF804DE06AEEF6)|UNKNOWN(FFFFF803B1D72E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e|C:\Windows\Explorer.EXE+51aca 10341000x8000000000000000172189Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.591{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564908C:\Windows\Explorer.EXE{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+5cf54|C:\Windows\Explorer.EXE+5c591|C:\Windows\Explorer.EXE+5a5a3|C:\Windows\Explorer.EXE+5983c|C:\Windows\Explorer.EXE+56de3|C:\Windows\Explorer.EXE+4bb4d|C:\Windows\Explorer.EXE+49f72|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11ed7|C:\Windows\System32\USER32.dll+28e4e|C:\Windows\SYSTEM32\ntdll.dll+a9814|UNKNOWN(FFFFF803B205B8C8)|UNKNOWN(FFFF804DE070E50F)|UNKNOWN(FFFF804DE06B4C72)|UNKNOWN(FFFF804DE06AF271)|UNKNOWN(FFFF804DE06B0C3A)|UNKNOWN(FFFF804DE06AEEF6)|UNKNOWN(FFFFF803B1D72E03)|C:\Windows\System32\win32u.dll+10c4|C:\Windows\System32\USER32.dll+1ea2e 11241100x8000000000000000172188Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.435{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388C:\Windows\System32\cscript.exeC:\Users\Administrator\Desktop\HOW_TO_RESTORE_MY_FILES.txt2021-06-21 14:31:31.435 23542300x8000000000000000172187Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.044{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateUx.002.etlMD5=C79248B252AECCF6F53892E3651DD87C,SHA256=DFDD8E3DF2F54CEA6223F2A65012899FA3BFF43041CD1FCE9005381114B19E69,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172186Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.044{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.094.etlMD5=366BA2DC9DF338FA21A7FF6310E7901C,SHA256=C2F7A2E248A7A1AB9D4067CDA0696E378FE662D61AA64F3719413D5E4FD6BA43,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172185Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.028{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateUx.001.etlMD5=CB1A4A38EA03942CA03F33349D1F2D49,SHA256=BEF180A6780F94E18B003B51BC808B058D446EE0206266C5C52FAC493C76CE7E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172184Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.028{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.093.etlMD5=4835E05A1414B7AAB627EC77160CA83C,SHA256=61B9D46A78C3CB034E9B2AC7118ADC66AA12AB24887E22D6D23931B3AC05B8AD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172183Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.013{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.100.etlMD5=5477A0E967E3BA26F0E3BF92FB5BE71E,SHA256=69430143E4862F076F656948162197D69E0E25B8EBA740B9A36FDC9D02114420,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172182Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.013{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\USOShared\Logs\UpdateSessionOrchestration.092.etlMD5=556640A87EFE1B70CE1883F763329934,SHA256=A21CC8F85687727D0C5C7EDA455EE6D8BD9678CCF5B69425D5FC1F63A0351414,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172181Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.013{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Uninstall-ChocolateyPackage.ps1MD5=ADE09904C2662AC40641A2D45A05435A,SHA256=DE285036EA75DD49C54B7FB4BCB30218B14605C0C4FF9A44709055203B0EC519,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172180Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:30.997{D8DCB3A2-A28F-60D0-4C10-00000000D001}5388ATTACKRANGE\AdministratorC:\Windows\System32\cscript.exeC:\ProgramData\chocolatey\helpers\functions\Write-FunctionCallLogMessage.ps1MD5=679D1540FD95703024ED5A0378F9B5A1,SHA256=EC2E41E800F3968904EE4CA060DF7D4D26155D15C85942BA21880536D049AD70,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172335Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:32.904{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=1ED7D3B98BB1CB9D0944B320E63B1266,SHA256=A39FFF3FDFE581250473021D07CC7C0F7E4D96E718A1BDA5A67AA4D28F1BF0DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172334Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:32.716{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C7F3E8FD357CA3313B619980EE715ACC,SHA256=4E82EA4764147A4C33689420600E9FDC4D2990F10EAEC4D6D78BC74E7CB8CE78,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172333Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:32.560{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DA364D5D50BCDFD720E80FE1CC10C20,SHA256=01295078E3946249183457C3BC722B7662C52F1DDEEDCEAD66426CBCE154EE42,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172332Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:32.560{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=9471055D86E100896C4165B349300FAB,SHA256=93C7B04419D9C36A5DD0D01D163D137BC027489934A3A57464F3F9E0727C6A92,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172331Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:31.123{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50810-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000172330Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:32.341{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A2C4-60D0-A610-00000000D001}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172329Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:32.341{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172328Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:32.325{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172327Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:32.325{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172326Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:32.325{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172325Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:32.325{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A2C4-60D0-A610-00000000D001}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172324Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:32.325{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A2C4-60D0-A610-00000000D001}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172323Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:32.217{D8DCB3A2-A2C4-60D0-A610-00000000D001}4412C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172354Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:33.935{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=823F421797853196D707048C7B8B7862,SHA256=129ABBFE781C451249B0BA189D1FD3E74C25E602D791A36FC11E350CD4912192,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172353Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:33.825{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A2C5-60D0-A810-00000000D001}6752C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172352Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:33.810{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172351Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:33.810{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172350Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:33.810{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172349Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:33.810{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172348Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:33.810{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A2C5-60D0-A810-00000000D001}6752C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172347Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:33.810{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A2C5-60D0-A810-00000000D001}6752C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172346Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:33.701{D8DCB3A2-A2C5-60D0-A810-00000000D001}6752C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172345Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:33.747{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9C81D8BA32C2872FEDE58D716391BE0D,SHA256=FC839D6A67D90F6AC93B3FB9F5CE686571DF2F90714FD7A199048EBC73F9DB7F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172344Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:33.169{D8DCB3A2-A2C4-60D0-A710-00000000D001}67006704C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172343Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:33.028{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A2C4-60D0-A710-00000000D001}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172342Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:33.028{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172341Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:33.028{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172340Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:33.028{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172339Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:33.028{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172338Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:33.028{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A2C4-60D0-A710-00000000D001}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172337Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:33.028{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A2C4-60D0-A710-00000000D001}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172336Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:32.920{D8DCB3A2-A2C4-60D0-A710-00000000D001}6700C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172355Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:34.779{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=26FA83BC1AA1AE176FF71248BF0712E7,SHA256=D80C66F08C7F4E70F61D9D3AB07CF7CEA9F97FE68D42A43DE749066C1C5DB121,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172373Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:35.935{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A2C7-60D0-AA10-00000000D001}3212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172372Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:35.935{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172371Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:35.935{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172370Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:35.935{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172369Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:35.935{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172368Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:35.935{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A2C7-60D0-AA10-00000000D001}3212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172367Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:35.935{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A2C7-60D0-AA10-00000000D001}3212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172366Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:35.935{D8DCB3A2-A2C7-60D0-AA10-00000000D001}3212C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172365Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:35.794{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=117E8AE00A4AF3622AE8AC5ECE8CE947,SHA256=B7D18FC9BF69E937EE1A79C647A44679797F06BD323EB738E788EC22294EE349,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172364Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:35.466{D8DCB3A2-A2C7-60D0-A910-00000000D001}37046792C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172363Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:35.263{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A2C7-60D0-A910-00000000D001}3704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172362Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:35.263{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172361Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:35.263{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172360Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:35.263{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172359Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:35.263{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172358Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:35.263{D8DCB3A2-4532-60D0-0500-00000000D001}408524C:\Windows\system32\csrss.exe{D8DCB3A2-A2C7-60D0-A910-00000000D001}3704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172357Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:35.263{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A2C7-60D0-A910-00000000D001}3704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172356Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:35.107{D8DCB3A2-A2C7-60D0-A910-00000000D001}3704C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172385Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:36.889{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2B3D884118A11D1FD48E2A9A112D562,SHA256=C36A8E3264626F59B6B609BB41311601EBC2A4E252FEBC0ECD542D9AA675CA0A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172384Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:36.874{D8DCB3A2-A2C8-60D0-AB10-00000000D001}28524884C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172383Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:36.718{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A2C8-60D0-AB10-00000000D001}2852C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172382Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:36.718{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172381Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:36.718{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172380Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:36.718{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172379Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:36.718{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172378Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:36.718{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A2C8-60D0-AB10-00000000D001}2852C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172377Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:36.718{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A2C8-60D0-AB10-00000000D001}2852C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172376Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:36.609{D8DCB3A2-A2C8-60D0-AB10-00000000D001}2852C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172375Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:36.107{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=735483E972F7E94F3926C274F60A2A46,SHA256=865532F8CE95817E80D2B4B160B42B31288B8A9F014A730F8C20D1F66C62BC6E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172374Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:36.091{D8DCB3A2-A2C7-60D0-AA10-00000000D001}32125668C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000172418Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.749{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\ADMINI~1\AppData\Local\Temp\{87B69F32-DFDC-4BD4-8467-310CC154FE69}.pngMD5=5719BFC9CFDA7A9C059A71A47A0E6383,SHA256=2D3C9CC4880E5A8D8BB583C6BE6F5826DE19291405734EC9E3899EAEE78E431A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172417Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-4533-60D0-0C00-00000000D001}8285624C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3200C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+739b|C:\Windows\SYSTEM32\psmserviceexthost.dll+ae34|C:\Windows\SYSTEM32\psmserviceexthost.dll+7bae|C:\Windows\SYSTEM32\psmserviceexthost.dll+12141|C:\Windows\SYSTEM32\psmserviceexthost.dll+170e8|C:\Windows\SYSTEM32\resourcepolicyserver.dll+12326|C:\Windows\SYSTEM32\resourcepolicyserver.dll+bac5|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172416Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564228C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172415Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564228C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\system32\twinui.pcshell.dll+27c24|C:\Windows\system32\twinui.pcshell.dll+17316|C:\Windows\system32\twinui.pcshell.dll+17671|C:\Windows\system32\twinui.pcshell.dll+176a9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000172414Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\windows-systemtoast-securityandmaintenance_1_0.pngMD5=099BA37F81C044F6B2609537FDB7D872,SHA256=8C98C856E4D43F705FF9A5C9A55F92E1885765654912B4C75385C3EA2FDEF4A7,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172413Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564952C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1ea06|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000172412Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564952C:\Windows\Explorer.EXE{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e95e|C:\Windows\SYSTEM32\twinapi.appcore.dll+1e3d1|C:\Windows\SYSTEM32\twinapi.appcore.dll+1dbcc|C:\Windows\SYSTEM32\twinapi.appcore.dll+1d777|C:\Windows\System32\TwinUI.dll+ba2b0|C:\Windows\System32\TwinUI.dll+ba627|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+61c3f|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+5e336|C:\Windows\System32\combase.dll+5daea|C:\Windows\System32\USER32.dll+121e4|C:\Windows\System32\USER32.dll+11b2c|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+5be0|C:\Windows\System32\windows.immersiveshell.serviceprovider.dll+635e 10341000x8000000000000000172411Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9800-00000000D001}43922664C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fc6e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172410Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9800-00000000D001}43922664C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3fbe5|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172409Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9800-00000000D001}43922664C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3f049|C:\Windows\System32\modernexecserver.dll+3fd2f|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172408Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9800-00000000D001}43922664C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f6a2|C:\Windows\System32\modernexecserver.dll+3fd1e|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172407Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9800-00000000D001}43922664C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fd0b|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172406Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9800-00000000D001}43922664C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3fdee|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000172405Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856ATTACKRANGE\AdministratorC:\Windows\Explorer.EXEC:\Users\Administrator\AppData\Local\Microsoft\Windows\ActionCenterCache\microsoft-explorer-notification--c4b62999-f58a-0e18-f31f-a3e53f97f360-_5_0.pngMD5=5719BFC9CFDA7A9C059A71A47A0E6383,SHA256=2D3C9CC4880E5A8D8BB583C6BE6F5826DE19291405734EC9E3899EAEE78E431A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172404Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9800-00000000D001}43925104C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f400|C:\Windows\System32\modernexecserver.dll+47a8c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000172403Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9800-00000000D001}43925104C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+478ab|C:\Windows\System32\modernexecserver.dll+476e0|C:\Windows\System32\modernexecserver.dll+4763b|C:\Windows\System32\modernexecserver.dll+3985d|C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll+1781|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000172402Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9800-00000000D001}43922664C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fc6e|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172401Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9800-00000000D001}43922664C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3fbe5|C:\Windows\SYSTEM32\twinapi.appcore.dll+2effb|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357b5|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172400Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9800-00000000D001}43922664C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f0db|C:\Windows\System32\modernexecserver.dll+3f049|C:\Windows\System32\modernexecserver.dll+3fd2f|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172399Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9800-00000000D001}43922664C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3f6a2|C:\Windows\System32\modernexecserver.dll+3fd1e|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172398Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9800-00000000D001}43922664C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+3f342|C:\Windows\System32\modernexecserver.dll+3fd0b|C:\Windows\System32\modernexecserver.dll+3fe52|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172397Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9800-00000000D001}43922664C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+41bd7|C:\Windows\System32\modernexecserver.dll+3fdee|C:\Windows\SYSTEM32\twinapi.appcore.dll+2efb4|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f0e4|C:\Windows\SYSTEM32\twinapi.appcore.dll+357ab|C:\Windows\SYSTEM32\twinapi.appcore.dll+34ef6|C:\Windows\SYSTEM32\twinapi.appcore.dll+34eb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172396Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A2C9-60D0-AC10-00000000D001}3432C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172395Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9800-00000000D001}43926260C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x101000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\twinapi.appcore.dll+2f400|C:\Windows\System32\modernexecserver.dll+47a8c|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000172394Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-45EA-60D0-9800-00000000D001}43926260C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+119d|C:\Windows\System32\modernexecserver.dll+478ab|C:\Windows\System32\modernexecserver.dll+476e0|C:\Windows\System32\modernexecserver.dll+4763b|C:\Windows\System32\modernexecserver.dll+3985d|C:\Windows\System32\Windows.Shell.ServiceHostBuilder.dll+1781|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c 10341000x8000000000000000172393Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172392Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172391Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.733{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172390Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.717{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172389Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.717{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A2C9-60D0-AC10-00000000D001}3432C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172388Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.717{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A2C9-60D0-AC10-00000000D001}3432C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172387Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.609{D8DCB3A2-A2C9-60D0-AC10-00000000D001}3432C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172386Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.624{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F72206450F94CB676824FE4DD8EBCA09,SHA256=1889469B68983416694057D85A0E412912FD445C8B2EC681408A2A1A55B6A889,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172431Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.046{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50811-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172430Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:38.108{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F55E9C7864FC494D7DE2749D095664F,SHA256=3DC30C0C82755752B595A1297ED977BF43164BAFFDB8CCC35FDE46F43AF97CAC,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172429Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:38.061{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000172428Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:38.061{D8DCB3A2-4533-60D0-0C00-00000000D001}8284756C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000172427Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:38.061{D8DCB3A2-4533-60D0-0C00-00000000D001}8285624C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000172426Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:38.061{D8DCB3A2-4533-60D0-0C00-00000000D001}8285624C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000172425Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:38.061{D8DCB3A2-4533-60D0-0C00-00000000D001}8285624C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000172424Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:38.061{D8DCB3A2-45EA-60D0-9800-00000000D001}43926260C:\Windows\system32\sihost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\SYSTEM32\usermgrcli.dll+1121|C:\Windows\System32\modernexecserver.dll+37dac|C:\Windows\System32\modernexecserver.dll+37d4f|C:\Windows\System32\modernexecserver.dll+375a6|C:\Windows\System32\modernexecserver.dll+1a1c4|C:\Windows\System32\modernexecserver.dll+3191d|C:\Windows\System32\modernexecserver.dll+32871|C:\Windows\System32\modernexecserver.dll+3278f|C:\Windows\SYSTEM32\ntdll.dll+2063e|C:\Windows\SYSTEM32\ntdll.dll+1e854|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172423Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.999{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+78b1|C:\Windows\SYSTEM32\psmserviceexthost.dll+74d7|C:\Windows\SYSTEM32\psmserviceexthost.dll+12fce|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000172422Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.999{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000172421Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.999{D8DCB3A2-4533-60D0-0C00-00000000D001}828864C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x3600C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\psmserviceexthost.dll+966a|C:\Windows\SYSTEM32\psmserviceexthost.dll+776e|C:\Windows\SYSTEM32\psmserviceexthost.dll+12f1c|C:\Windows\SYSTEM32\psmserviceexthost.dll+15b2b|C:\Windows\SYSTEM32\psmserviceexthost.dll+1011d|C:\Windows\SYSTEM32\psmserviceexthost.dll+104a0|C:\Windows\SYSTEM32\psmserviceexthost.dll+13952|C:\Windows\SYSTEM32\psmserviceexthost.dll+16139|C:\Windows\SYSTEM32\psmserviceexthost.dll+16c03|C:\Windows\SYSTEM32\resourcepolicyserver.dll+1a70e|C:\Windows\SYSTEM32\resourcepolicyserver.dll+14fc2|C:\Windows\SYSTEM32\resourcepolicyserver.dll+c61d|C:\Windows\SYSTEM32\resourcepolicyserver.dll+118d9|C:\Windows\SYSTEM32\resourcepolicyserver.dll+b91a|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c 10341000x8000000000000000172420Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.999{D8DCB3A2-4544-60D0-2D00-00000000D001}29684480C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\tileobjserver.dll+bce2|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 10341000x8000000000000000172419Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:37.999{D8DCB3A2-4544-60D0-2D00-00000000D001}29684480C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6cc4|C:\Windows\System32\RPCRT4.dll+67d2f|C:\Windows\System32\combase.dll+620bb|c:\windows\system32\tileobjserver.dll+bc8f|c:\windows\system32\tileobjserver.dll+26da2|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+618a9|C:\Windows\System32\combase.dll+27a9|C:\Windows\System32\RPCRT4.dll+62d9b|C:\Windows\System32\combase.dll+6520c|C:\Windows\System32\combase.dll+64ec2|C:\Windows\System32\combase.dll+63798|C:\Windows\System32\combase.dll+6155d|C:\Windows\System32\combase.dll+60c3f|C:\Windows\System32\combase.dll+7c419|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49cde|C:\Windows\System32\RPCRT4.dll+30ed7|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a 23542300x8000000000000000172432Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:39.014{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=11D7B062E892F33C0FD6C8073CB1DB4F,SHA256=545E6B1D9F448C3B2BDCC6CCD57F9F2E80739F140AE77997F85DD50FA33DD77C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172433Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:40.015{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=99F4CAB32808672AF181104243B7D407,SHA256=83DA0EE4833F1C85949F7DA1FEC3BCEA30BF3E46147345AA21F5D3B9CB68096A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172441Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:41.514{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A015-60D0-7D0F-00000000D001}5588C:\Windows\system32\cmd.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172440Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:41.514{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A015-60D0-7D0F-00000000D001}5588C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172439Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:41.514{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A015-60D0-7D0F-00000000D001}5588C:\Windows\system32\cmd.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172438Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:41.514{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A015-60D0-7E0F-00000000D001}5972C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172437Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:41.514{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A015-60D0-7E0F-00000000D001}5972C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172436Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:41.514{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A015-60D0-7E0F-00000000D001}5972C:\Windows\system32\conhost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172435Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:41.514{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A015-60D0-7E0F-00000000D001}5972C:\Windows\system32\conhost.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000172434Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:41.249{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C9B89B673E96695F62CCEB5C2B8C7015,SHA256=1D1240924D01AEBCC2A9C772FE08F6EFC8E2E93B910C6114266C11F51C760DE5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172443Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:42.421{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93B1CE3CDE403F5B91B402034F8310CB,SHA256=9C4C13AC12C4D556CBE4F2CB316C0FE2943817A525C6029512B60E7BB3D68345,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172442Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:42.249{D8DCB3A2-A118-60D0-CC0F-00000000D001}956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=536F90675D9745E5B2CE6D1A8727C2A5,SHA256=42C03B2FD5EAB9EBDFD44E3E382BBA48FD1BAF003197FBAD6E391BD3213C43D8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172453Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:42.202{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50813-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 354300x8000000000000000172452Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:42.124{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50812-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000172451Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:43.640{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+62945|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172450Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:43.640{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+6285e|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172449Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:43.640{D8DCB3A2-45EA-60D0-9F00-00000000D001}48563244C:\Windows\Explorer.EXE{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62827|C:\Windows\Explorer.EXE+3c618|C:\Windows\Explorer.EXE+3c4a4|C:\Windows\Explorer.EXE+3c411|C:\Windows\System32\windows.storage.dll+7b7ef|C:\Windows\System32\windows.storage.dll+7a56f|C:\Windows\System32\windows.storage.dll+7d51f|C:\Windows\System32\SHCORE.dll+367a6|C:\Windows\SYSTEM32\ntdll.dll+39cf9|C:\Windows\SYSTEM32\ntdll.dll+1e88a|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172448Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:43.624{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61d9f|C:\Windows\System32\SHELL32.dll+622c0|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172447Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:43.624{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+47c90|C:\Windows\System32\SHELL32.dll+6227c|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172446Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:43.624{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\SHELL32.dll+61724|C:\Windows\System32\SHELL32.dll+62250|C:\Windows\System32\TwinUI.dll+12d491|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172445Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:43.624{D8DCB3A2-45EA-60D0-9F00-00000000D001}48564988C:\Windows\Explorer.EXE{D8DCB3A2-A2C3-60D0-A510-00000000D001}5376C:\Windows\System32\notepad.exe0x1410C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\TwinUI.dll+12d2c9|C:\Windows\System32\TwinUI.dll+12df7f|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000172444Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:43.421{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5D3A1EDE8D0706E3CE06ADAE8ADC286,SHA256=B3A38ECBFBE2ECF9EB98326C7B24078953B8D0C0C53DC2587A96B38DE8A682E7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172454Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:44.639{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34D95A3149885800201FD629CAEA864C,SHA256=C6FADEFB32AFEC359BB30872F2F1DD1C79CF8BB5C34F26BF862BB69AE9388D25,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172455Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:45.655{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E6EDEDD7EE0BEF3E86A7D627A3F685B8,SHA256=6D60FD15EFEB2AB8B7F1480988E0024DC295C50EDCE11380AAC30AA66B92A2A0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172456Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:46.671{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7DE524F8999CC1A08385C768EE7F7691,SHA256=FDD55CB9736762CDDE1D39046F99483219F4343BE81A19F520AE2B50228A8722,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172457Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:47.671{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=994B04BE43317A489D295C825CAB3286,SHA256=C2BE62C0C08523443D847E6AC4FC86424CD7AF0E74AC1C9A803FC914E95B35F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172458Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:48.889{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=598C46E69365CA3BD02AAD2B975404B0,SHA256=CC3C3F395AC20159C24634386EC8C1B9D715A6CD9A89AD923C321D074D094886,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172459Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:49.921{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F9A0CD0B67BF7598C4C83645AAF6363,SHA256=AC211421B6C57CF346679E66600E36BA5D07D2145C622BCD80F8A561867490E5,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172460Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:48.030{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50814-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172461Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:50.999{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B478416BD79BD4D00FF16B53C807B48,SHA256=31317DF38F1EAFD8057F998A9BAF7939F4857524DF3893B71A9244E141962C1E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172462Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:52.014{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADD35DD7452B81FA88D0060D881EBE53,SHA256=527C2114DB624FBB4C078B3096C97922D46E7B31D7E23764AA87A1818D60E0B4,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172463Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:53.030{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=93A23D948C816F65E7D3DE2D2DAB4EF9,SHA256=0CD76B62F795F95DDA8344DAEFE9486894B702906D9AF4EB12CB5C9E9D771825,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172464Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:54.092{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=44FB6025F1DCE872A7F1DE9651CC81DA,SHA256=707D3349737C5BFDBC197F540F170244B99188A584A63707452022861989EFE2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172467Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:55.389{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=25F5F6281B355F0018EBDA7BBFF4F2CA,SHA256=B4B74104E53965804E4C3142FEEE2C9CB2403B6DC9B2B07EF458FF455DD78542,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172466Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:55.389{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B04DC7261D346BF30B6616F2952B1483,SHA256=E13A5683E0215C9BA24DA2BBF0B767EA3323D8F3619C5CC1EAEB2893BDE4110E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172465Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:55.124{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9BC422E2204600FB3BF798C203D2837,SHA256=31EED12601FC358B65597CBD3DE85EDD2B0B2E82F353F4BA94A9BF0F35107E9F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172471Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:54.343{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50816-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 354300x8000000000000000172470Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:54.343{D8DCB3A2-4544-60D0-2700-00000000D001}2860C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50816-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 354300x8000000000000000172469Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:54.046{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50815-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172468Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:56.139{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D25AEF8F0970D7030C1D8D51B98F9D3,SHA256=BAABD1450918C432779179C0E9F0EB7A175FF8A4646536ECD521260D16E959D0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172472Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:57.365{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=662CD7ED17E1AB82CA42FA420781EEF2,SHA256=0AF518E299DF318FCF3D3EFC25B1BAE814C16201BD6630B0FE623F345CCA73C3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172473Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:58.599{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4A28A69E1378CD4CE54A1BD33E51EE56,SHA256=E1F56E4B0412FC536EB7619D892DF8E40FB6C961385611B807A3280ECE250D86,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172474Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:59.693{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BACD50E5C6E6EBF0C88A880EA4455885,SHA256=241AFE49E26F7A6EAD962FD3B30EF03694739DB733A2B7343D1D5F0484096D12,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172475Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:00.709{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64C64BBDB11FA596AB4A621FF1FD6D00,SHA256=B3349ABFF83E55DAE82B118A95160B30D5280C5BCB7E8245F94B4A14C2EAD2CE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172477Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:01.771{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7F66FC1E75E6023A7AE3D34ADE611B0F,SHA256=160C0AAFC43C4D4F3EB7B34345A58F8F4594E5AC5E832994EE4E895F4A183BCE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172476Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:31:59.209{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50817-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172478Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:02.787{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=73258B4F2EB5778E37058408C0B7D8AC,SHA256=48E2B1F6ECD3AC17CD64798A9E2BAA1F8D070A7EBF9B75067471C8FA01C19573,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172479Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:03.803{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A36FE85F468361EF2FA8CDFF6F3AD309,SHA256=0911B459E350BD5DD748D74E5CF0FD6C55F0BEEB448AF81AA427083AEBC219D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172480Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:04.818{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4524B1B05B537CA5A05C3588EB8E3304,SHA256=6205ECA583AD338E0B831EDF33C85C4A984A4230C7AABE744C218DC67BE685BC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172481Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:05.818{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9FFB33452CA5BADA6CDE2CAE5F9EDC69,SHA256=BABBFA21C4C3F100BFA5C1D8741E1D0B026AD735C9E9E4DCBBAC224DF8FD91B1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172482Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:06.834{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09054B8A98BE5C5968E8D251DBEC79DB,SHA256=EEA5CAA02E1230CF9ACDAACE024CEBEA1E500344747218D68BA7B4E694515824,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172484Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:07.849{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F85F856737429A5AE66E0A39EF5A245B,SHA256=E93325C0C507607940966612D955F1148BF38B9ED73BBDE03AF8720D7B76C49C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172483Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:05.130{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50818-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172485Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:08.865{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A913FB385C54EF28E37D30719263EA1E,SHA256=F7EF8E978C1C0FF4D2192F5EA56752DAB6D9D7563D6F77DE7470164FDB1D1E2C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172486Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:09.896{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2458B5254C177878B378849A6D38AF27,SHA256=82997837A92A389B0D742B8C58C4DF192F5111513088BCF47A5BD8202AC160A8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172487Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:11.037{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0810C6306C46D00AEEFDCFE3C5AF066F,SHA256=65C709480B04DDF053054A8E677D4247648A4952B25CF28A6ADC4E34AB5F6116,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172488Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:12.287{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=CEF6B8659B008CD6EA97DC64CA810237,SHA256=BE22D524E8B74E44230E5E5376B53232723D1C993E34ABACEABECFD2F8620679,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172490Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:11.005{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50819-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172489Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:13.412{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FE0510AC397A016E9CC74D4464441C77,SHA256=2CC12021AF6E0EB4B2D40BCE3D9FAE13F3F28E1CBF3A61262C76BF9BA16A7D7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172491Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:14.443{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54F8257125DF92E16A1D1D71BE95CD93,SHA256=05606D49B7092C199C9DD36362100781D39D6BAD6AAF5A3EAB532522494C986B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172492Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:15.662{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B326744A495CC84892B5B213A77B0E7D,SHA256=A5D2FA646FE574D96F87FED33A494006F08F23B9745E923EC8C1DA2E498820D7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172493Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:16.900{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9AE739153CA2A64B295E2E7C2DCE9FB,SHA256=F13CD75E7683C96BD549F85AECF856BDB2183A941D717CDCD8BDEF1B33E03BBF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172495Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:16.146{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50820-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172494Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:18.042{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F1A78CCA4E08D5A9771D04070CF6E848,SHA256=911B36E72CC24504AEDBE7DF4DD74ADA6C4ED4061CD3EE24D74E7AAEFE45FED6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172496Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:19.055{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2E7A15A749E546D4CAC54A3A92998696,SHA256=4B929C2EABD988EDD2597E80BD898ABA2FF0CD267F6F0CC428659DC6A889DA77,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172497Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:20.090{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2AFD06BDC177E899853ECC1B2760F87F,SHA256=8C50CA08B9B3672738B9E58C19AB3849CD8024A89DF123F35262803F1524F620,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172529Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172528Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172527Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172526Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172525Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172524Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172523Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172522Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172521Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172520Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172519Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172518Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172517Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172516Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172515Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172514Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172513Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172512Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172511Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172510Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172509Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172508Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172507Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172506Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172505Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172504Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172503Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172502Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172501Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.809{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172500Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.716{D8DCB3A2-4534-60D0-1600-00000000D001}13045536C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2a2f2|C:\Windows\system32\wbem\wmiprvsd.dll+29e26|C:\Windows\system32\wbem\wmiprvsd.dll+28432|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172499Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.716{D8DCB3A2-4534-60D0-1600-00000000D001}13045536C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\system32\DFSRs.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\wbem\wmiprvsd.dll+2597b|C:\Windows\system32\wbem\wmiprvsd.dll+283dc|C:\Windows\system32\wbem\wmiprvsd.dll+57817|C:\Windows\system32\wbem\wmiprvsd.dll+8a475|C:\Windows\system32\wbem\wbemcore.dll+bcb3|C:\Windows\system32\wbem\wbemcore.dll+3393|C:\Windows\system32\wbem\wbemcore.dll+22adf|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+2c9be|C:\Windows\system32\wbem\wbemcore.dll+202d8|C:\Windows\system32\wbem\wbemcore.dll+390e|C:\Windows\system32\wbem\wbemcore.dll+22bba|C:\Windows\system32\wbem\wbemcore.dll+22a19|C:\Windows\system32\wbem\wbemcore.dll+21f5a|C:\Windows\system32\wbem\wbemcore.dll+22711|C:\Windows\system32\wbem\wbemcore.dll+2d78c|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000172498Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.325{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8920AAAD0DDFD5850B768635689361D,SHA256=EC4C06DED6CBB08D6126AC55DA5F59CB8051261E3E56E8E2B1C27DE24906D279,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172540Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:22.840{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F3FB87D799FD6DD48F13DD76E9CB1173,SHA256=C707727B95946F4981478061B10CACFEA2F258D17191F49B7809AF174F9FA05C,IMPHASH=00000000000000000000000000000000falsetrue 13241300x8000000000000000172539Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:32:22.700{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x8000000000000000172538Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:32:22.700{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x016ed656) 13241300x8000000000000000172537Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:32:22.700{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d766a1-0xdd1c66ed) 13241300x8000000000000000172536Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:32:22.700{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d766aa-0x3ee0ceed) 13241300x8000000000000000172535Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:32:22.700{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d766b2-0xa0a536ed) 13241300x8000000000000000172534Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:32:22.700{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeConfidenceDWORD (0x00000008) 13241300x8000000000000000172533Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:32:22.700{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\RunTime\SecureTimeTickCountQWORD (0x00000000-0x016ed656) 13241300x8000000000000000172532Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:32:22.700{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeLowQWORD (0x01d766a1-0xdd1c66ed) 13241300x8000000000000000172531Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:32:22.700{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeEstimatedQWORD (0x01d766aa-0x3ee0ceed) 13241300x8000000000000000172530Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:32:22.700{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\system32\lsass.exeHKLM\System\CurrentControlSet\Services\W32Time\SecureTimeLimits\SecureTimeHighQWORD (0x01d766b2-0xa0a536ed) 23542300x8000000000000000172542Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:23.919{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8B5DBD112BBC086E6A88A8968D3D7725,SHA256=0A30C4BF23541C4E8F379B8B8FF0A70EF7DEFAE7B063421941F9697A7A6482A7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172541Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:21.168{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50821-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172544Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:24.950{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E3645995364F44560C419A0918A6B2F8,SHA256=A287BF0434ADFD56F1346E0A611EA1CE8BE2408B13A24DB8014FC61A79C61D1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172543Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:24.840{D8DCB3A2-4534-60D0-1100-00000000D001}404NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=76D8C26CA89A07E7C888DEA3ED0A0D11,SHA256=916A8DB7752F49509DBB5771E432FC2BE3D9D303BE7CE9932FEE4E3156C2C1CF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172545Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:25.966{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9F9838E04B41A85AFEE472EB30C01E1,SHA256=963BC88D472B7AE4F60575783ABA9DC0226693DCC5988F00E5F8246453EA981A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172546Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:27.059{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EADE9BD353134FF8183FCFED57715B20,SHA256=3C5738E21AF9324A9877046F8572EE28985F27F091D39A7C94E27A2407E00077,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172548Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:27.058{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50822-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172547Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:28.075{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=70F0D27FFEC640D9FA8D595DF5A8627B,SHA256=555A37C9C58E2B8767F8816F8C156117C8DB1B05B3849CAF0B1A28142FCFF016,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172549Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:29.137{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F196C3436176217698388DFC4491F0B0,SHA256=59F15F0D07A95233A8E9D79F6527311F1274A4712F05B63561B3B75FB95799D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172550Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:30.184{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5DE3965E7D8AA7EA4FD24C43FF462D8F,SHA256=1A944F7BE9C956AD1E3BDCCE3E477B89DB5DAAF8B5DDCDD983B8068CE509DA0B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172551Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:31.278{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=DDDE04BA5A8E702F37845CFB1B4642F4,SHA256=5009AF75F97CCBF5D8B9C2D489BBDBB8F9E9A97EBFAE126D2C1B9270C39F017F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172568Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:32.919{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A300-60D0-AE10-00000000D001}572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172567Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:32.919{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172566Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:32.919{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172565Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:32.919{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172564Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:32.919{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172563Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:32.919{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A300-60D0-AE10-00000000D001}572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172562Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:32.919{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A300-60D0-AE10-00000000D001}572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172561Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:32.919{D8DCB3A2-A300-60D0-AE10-00000000D001}572C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172560Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:32.434{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=75FDE1F6A96E9192B47D570A92339FD5,SHA256=54FDC9F983DA53D933DB5C1C1E39187E6751E2D07823596CC224BBA76008BBF8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172559Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:32.247{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A300-60D0-AD10-00000000D001}4032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172558Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:32.247{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172557Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:32.247{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172556Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:32.247{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172555Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:32.247{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172554Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:32.247{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A300-60D0-AD10-00000000D001}4032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172553Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:32.247{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A300-60D0-AD10-00000000D001}4032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172552Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:32.247{D8DCB3A2-A300-60D0-AD10-00000000D001}4032C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 354300x8000000000000000172581Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:32.152{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50823-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172580Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:33.653{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=07B350D868D6D4E469326EFF8FB99DC6,SHA256=2ED96867ABB8DE43BB8BEC8A5808F5E2458EDDD605B56AD1F40C8EA9101EEEBF,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172579Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:33.590{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A301-60D0-AF10-00000000D001}7008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172578Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:33.590{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172577Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:33.590{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172576Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:33.590{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172575Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:33.590{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172574Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:33.590{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A301-60D0-AF10-00000000D001}7008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172573Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:33.590{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A301-60D0-AF10-00000000D001}7008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172572Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:33.591{D8DCB3A2-A301-60D0-AF10-00000000D001}7008C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172571Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:33.262{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=992A45D71994B7D832C8A430A674F985,SHA256=386B0EF2035547EBDD3A28761EEE9E0BA76909A95B05D11153D5FAE67FC5705E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172570Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:33.262{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=25F5F6281B355F0018EBDA7BBFF4F2CA,SHA256=B4B74104E53965804E4C3142FEEE2C9CB2403B6DC9B2B07EF458FF455DD78542,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172569Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:33.075{D8DCB3A2-A300-60D0-AE10-00000000D001}5725976C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000172583Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:34.715{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2299DE8AA48B33EA49B320AC95D068CC,SHA256=C5C77BD1ACD3D3D724620435847539DC26C410B3F2F8DCBFA49FFA289CD9DCDD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172582Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:34.606{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=992A45D71994B7D832C8A430A674F985,SHA256=386B0EF2035547EBDD3A28761EEE9E0BA76909A95B05D11153D5FAE67FC5705E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172602Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.934{D8DCB3A2-A303-60D0-B110-00000000D001}68646860C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172601Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.794{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172600Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.794{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172599Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.794{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172598Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.794{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172597Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.794{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A303-60D0-B110-00000000D001}6864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172596Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.794{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A303-60D0-B110-00000000D001}6864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172595Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.794{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A303-60D0-B110-00000000D001}6864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172594Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.794{D8DCB3A2-A303-60D0-B110-00000000D001}6864C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172593Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.731{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=920B4EC646CA540670C4BEFC703C4328,SHA256=8CCE1BA6BED42C91AF2926B1B09ACF96AB7B0C977ECCEF8B59281BDF8EFF9539,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172592Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.309{D8DCB3A2-A303-60D0-B010-00000000D001}69886984C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172591Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.122{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A303-60D0-B010-00000000D001}6988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172590Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.122{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172589Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.122{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172588Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.122{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172587Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.122{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172586Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.122{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A303-60D0-B010-00000000D001}6988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172585Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.122{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A303-60D0-B010-00000000D001}6988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172584Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:35.122{D8DCB3A2-A303-60D0-B010-00000000D001}6988C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172613Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:36.842{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2B804E986FEB374412F782B434CC1552,SHA256=F51AE4B6B9657E446E6171B8D72423FC1BE6CD402AE98530D1F2372785FB69C4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172612Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:36.702{D8DCB3A2-A304-60D0-B210-00000000D001}23246932C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172611Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:36.468{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A304-60D0-B210-00000000D001}2324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172610Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:36.468{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172609Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:36.468{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172608Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:36.468{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172607Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:36.468{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172606Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:36.468{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A304-60D0-B210-00000000D001}2324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172605Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:36.468{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A304-60D0-B210-00000000D001}2324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172604Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:36.468{D8DCB3A2-A304-60D0-B210-00000000D001}2324C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172603Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:36.137{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5A04696F0AA5FE512409C94D6BB2C06B,SHA256=902BE5DB2905E78626FC47F214609385B5F67A4707A965AFFA6E6508318BC3B9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172623Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:37.889{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=160379BD4B070744DBE7607C02396C03,SHA256=69251D7851C63D0C06CA699F31A96D7631E3A8C89C7548D4C4B04F637501781F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172622Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:37.608{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A305-60D0-B310-00000000D001}7068C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172621Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:37.608{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172620Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:37.608{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172619Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:37.608{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172618Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:37.608{D8DCB3A2-4533-60D0-0C00-00000000D001}828948C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172617Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:37.608{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A305-60D0-B310-00000000D001}7068C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172616Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:37.608{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A305-60D0-B310-00000000D001}7068C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172615Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:37.609{D8DCB3A2-A305-60D0-B310-00000000D001}7068C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172614Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:37.499{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=6E3BE5725AF81356EAFA08691E2EEEDA,SHA256=9E21609F7F505638FBC7AC97A1A2927E270DF688B4389CACD2AD8F29C44CDA7C,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172625Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:37.216{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50824-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172624Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:38.639{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=38517E52389C907FE9BE9F652930F7F4,SHA256=85C0BCFF62C72B47DE21887209EB6418A301344E4168A9FB5FAAB7206FC1A99F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172626Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:39.124{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=414DF3CC0D744C89B8FE0D9CCCC0C204,SHA256=74F4059878533CA760A997DA8F8CBC7A47DD4B19F2A7F4DE655840944ED153FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172627Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:40.188{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B49C6590C217B43EA23576AA7DA91B6E,SHA256=5850FCA5D5FC3EF185D7FE70A12901881EC0BAAAF3205D0047F31024E46C3FBA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172628Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:41.219{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=03AC69C21E4386A5854E8A532D8C4B16,SHA256=F425F7292E0C48431755E137EA9512AF73FD53F11F1CCCD21EDE96701C0467E0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172630Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:42.281{D8DCB3A2-A118-60D0-CC0F-00000000D001}956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=536F90675D9745E5B2CE6D1A8727C2A5,SHA256=42C03B2FD5EAB9EBDFD44E3E382BBA48FD1BAF003197FBAD6E391BD3213C43D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172629Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:42.281{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7949056E1FCB4C0201B91F9170A57E09,SHA256=BB61AD2C58A9E15BF9C3E4EC27E39DD67DC51DA1C68366396EFA84E0639F2388,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172631Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:43.312{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FA23A44B91B24CD0A33A4017EE2BD1F,SHA256=86121AB08667F22EB9D7E2A213EE245C8BD31704E54228CF6C3997E6649B6272,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172633Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:44.328{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3645A293225441E1B3AC4BCF21B02F37,SHA256=9424A9EA59965443D3379FC3464116C0D040074A58FF75DD619725703C5C8FE0,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172632Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:42.233{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50825-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000172635Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:45.344{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71F50AA294A307EEC3ED7B30B7E658B6,SHA256=F834DF62773749BBEF18208DBFF6E0C5096136D6DC9DD5634F52D255CE92BE17,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172634Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:43.076{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50826-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172636Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:46.359{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=659C58F8DC8AED4556E4F757A7A32A6C,SHA256=F4F284F640D16CC29162D9987B3628C7571E98008F8C280E0284B168A6F61F8D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172637Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:47.375{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=90CDC82FB008E29DA80655ACCC517ABB,SHA256=21833DCB7EB7CE95DCC6A21E1C04EFF4DE1E52963C18F9B9C422D9C21A77362E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172638Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:48.437{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EFF0BAC568345392ED6BB5BEB035637F,SHA256=7D11EEE4ABF6E0D2C8CB7E0EA667977D4B3B1B9C95F0619743ACCFDB76D40956,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172639Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:49.438{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C61F51ADAEA80335CEDE33BBD759EDEA,SHA256=A630BD48ED8B198B118D345E83A4C2729EAA1B028AB7F1AAA13834DD9109AA43,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172641Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:48.154{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50827-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172640Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:50.453{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B45C07BDA0CC5E58DB2AB8F88C3F991,SHA256=967DAA1BD0ACF57EEEA14615F1E9694A0C8A105D03B3EF9CEBA437323D83C6A1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172642Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:51.547{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5F34B78FFE41727339A86B20707365DE,SHA256=59012AE17F6706A88549F07106D9323B770BE3A3AD5206D0B7B21C03B0941BC3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172643Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:52.578{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=465FAB8838F58ABAFAE312B9BD3589C3,SHA256=FF16A30F22357F598FA26E7CC339E48D8F11538E3092DFC8193C2BFEBB7827AC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172644Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:53.812{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6290048C6349D943F671B467673C920,SHA256=AD80CE1AF681F51D3848F3CB2DC34465B68D0BBFE2C81926DEAD89F10AD195CA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172646Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:54.922{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34047C6744B7C65575AB0CE744C8F6B3,SHA256=DF9F4B44F0F982A2DFECF571656EE82313C54301F6915700D676B1201A5F52EE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172645Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:53.186{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50828-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172648Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:55.406{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=645D135AC6802D0E92E2339DAA43330D,SHA256=EC1E3652D3375876A7B7D97D49ACB1E36871B83361D22AFA13502F6F6E5044EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172647Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:55.406{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5645BDD418F7094E4F0C2BBBD552924B,SHA256=62E5ABBEAF2F05E6C29B9AA71B04B1DB7AA6B74DD52BFD7BCEDB722AD36081D6,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172651Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:54.357{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50829-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 354300x8000000000000000172650Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:54.357{D8DCB3A2-4544-60D0-2700-00000000D001}2860C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50829-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 23542300x8000000000000000172649Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:56.172{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2139CF75F21178574319B8BDD46DB445,SHA256=2F32533DF1C81064C60991B338C163B40365414E5AF27A5CB072583EC4FC63F9,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172652Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:57.394{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7E06513045E6F31B6A0A3AE284434357,SHA256=D4C12AC724FC3FD0CE2197096AEE6C76EF94F7DEFA8C082B7E57A12EC6A3237C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172653Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:58.425{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8AD617459C724B84AD2E7D27539DEB54,SHA256=775CA2E7E49E7A694F220B5AE5658F27F60EA81D85F772CE0EE9E8F12018BD7F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172654Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:59.519{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=873906BD9DEA516355ADF88026C800EA,SHA256=02A096DE70CC6E4235BFE5A58146E735AC43DCC43082C8A5FEAB14E5E5752E65,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172656Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:32:59.080{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50830-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172655Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:00.535{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=19797C27BEBF3F16CFB62FB43D8EB651,SHA256=21AF0BEDE1A4C408369DE427F477A5012347CA6A6431740DE16FB09AF392AA8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172657Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:01.769{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=343FB259D99E5C6825F0A1E1D3F943DF,SHA256=2D5D2B6FB32504B1AB28ACC1D34D50BFD5D8A161227D5CA3842CC12F5F6E148B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172658Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:02.863{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81F5EFCBB0A848BF7351D38707215D3D,SHA256=03AA3C929F252592E42F5912C359C9B1A8C91547C7FAAA77D4261C438D257A98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172659Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:04.082{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D316EF5E2A8E2FC5BFF57EF7E9694C8E,SHA256=6480551139ECEC9663748096304D481F01342FCE547B899DB15EF564E3746841,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172660Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:05.113{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0F2245635A8FFD9DC3EB027613D235DA,SHA256=5891C9A5204EF2FB1275D91D284329C27A6F9AA4E96A3D9527A8186633331134,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172661Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:06.332{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0FA7E0835F655FC874F2B90C9A57AD4D,SHA256=63FE96C19A8B5777BDEFDCCAB23351F9D3A449CA85A02414DD3DCFF234DD563E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172662Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:07.425{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=54B52AEB31F154D40B2606C1B380CBAA,SHA256=9AF8004BE4EAB6AE3D11ED401C467964704616F51D59BE14718F0D0211B9E1FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172664Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:08.644{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7D8414B8AA02F1CBC254A9325947BB9B,SHA256=AFF9531C5794763100F25E933F53812337959608E1DD88D6FAE5DE2442C0F3D5,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172663Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:05.142{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50831-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172665Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:09.707{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2089F41AF5C8DEC4D0C25CCDA511321A,SHA256=9E8E405C9AA60E9AFAE980A5FB05E002B95666BE6B469B036F58F804C63B40DF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172666Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:10.722{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=488C5DC90529E3F7DA7495CDF8C80C50,SHA256=FEB994218B8B8510E065DD3DD3074FBBF64AAA69F8450BF50F192BEDF1DC8F84,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172667Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:11.738{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5B97A59DE6A2A1253E38BA208F3BACC3,SHA256=E6E5E79CAF9F7AE9041D9A18A5B6F5050FFC423A0360EC874F6687B0BBE187E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172669Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:12.754{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EBF289C928FED426CE4D346EBEAD838F,SHA256=E09E77129BB5FCE65AA82648B6673B69CE8199E5BCE080E55ECD9428C59D6072,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172668Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:12.097{D8DCB3A2-A29D-60D0-8B10-00000000D001}23883320C:\Windows\servicing\TrustedInstaller.exe{D8DCB3A2-A29D-60D0-8C10-00000000D001}3480C:\Windows\winsxs\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.4349_none_7f09d74e21ec00ab\TiWorker.exe0x100000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\System32\combase.dll+7d1d8|C:\Windows\servicing\TrustedInstaller.exe+43a2|C:\Windows\servicing\TrustedInstaller.exe+1d1d|C:\Windows\servicing\TrustedInstaller.exe+28c6|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000172673Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:13.988{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=64D6B8048C84C0BEECE68A5433F6DF22,SHA256=DFAAE2AC7DACAD12C08CAF1B20BFFC1E430AE464C79AEC912777D3B547F131D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172672Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:13.644{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=EBA22DA8F718EBE24427FBFFE052983F,SHA256=F81F09ED6A6FBC25D272F4945A0BF211FF048533A6B14076056A040F0C6D23D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172671Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:13.644{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=8999C04111D94E77823CAEA0D002230A,SHA256=04DE47045D211DA83A86CD49CB3021A9E466B44DE0B063D921D02ADB51D7C62D,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172670Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:11.079{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50832-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000172674Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:14.847{D8DCB3A2-4532-60D0-0B00-00000000D001}624700C:\Windows\system32\lsass.exe{D8DCB3A2-4517-60D0-0100-00000000D001}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+30949|C:\Windows\system32\lsasrv.dll+2e2a7|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x8000000000000000172677Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:15.785{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C825E74CA0BF91F06D7C4CB549A1E81D,SHA256=FA7253610EA961040CC2664BE779917634AE38470B779C10EFAAB15E120CB1E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172676Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:15.785{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=645D135AC6802D0E92E2339DAA43330D,SHA256=EC1E3652D3375876A7B7D97D49ACB1E36871B83361D22AFA13502F6F6E5044EC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172675Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:15.082{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=43A6AC79B804C72C51AA4409B9B5E37A,SHA256=D0D3A64A96FAE9A91F204D847DAD8F08C6ECE640423CB044135B217C1BC20EF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172684Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:16.332{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B40AD3172C7D92D960F1BF04FBF5E39,SHA256=5DB0DC790A3E20C8FF4B9387D4B3E453F3D39394C3753B678F0E48465FA7F589,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172683Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:14.817{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50835-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local445microsoft-ds 354300x8000000000000000172682Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:14.817{D8DCB3A2-4517-60D0-0100-00000000D001}4SystemNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50835-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local445microsoft-ds 354300x8000000000000000172681Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:14.716{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsefalse10.0.1.14win-dc-385.attackrange.local50834-false10.0.1.14win-dc-385.attackrange.local389ldap 354300x8000000000000000172680Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:14.716{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50834-false10.0.1.14win-dc-385.attackrange.local389ldap 354300x8000000000000000172679Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:14.708{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50833-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local389ldap 354300x8000000000000000172678Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:14.708{D8DCB3A2-4534-60D0-1600-00000000D001}1304C:\Windows\System32\svchost.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50833-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local389ldap 23542300x8000000000000000172685Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:17.414{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C460CFFAA9E34A9133B5EAEABF0D4ABE,SHA256=71D8F9B6B2E858B136493CC040C120B952134D7D8ACDD81F39064D9A19D6B587,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172687Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:18.632{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=60107E4AF645CBE4F9D0FA4C026B0EC8,SHA256=B0D874A5ECBE05674F2264F6913EDCDEF179D8F4E1EF1C0E8BD79FE1B12C5B59,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172686Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:16.157{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50836-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172688Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:19.757{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E42BF19D57F18F319A06D9544E20498A,SHA256=1D0FE44FF7BEE788287E7B2434E413681857B250909E25B3129212BCEC32B804,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172689Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:20.759{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=81AC8F4C9059A10FE07D5636006D2463,SHA256=5C4F75D83A340D7D5EE2EB96BCF068022A9788B3F3DD824C9D47F59E439AACA7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172690Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:21.763{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=46BC393202F84F49C7591D7A83F48031,SHA256=A89B2DEF984042EAFBE6A3562821E48BF35D35DE0C7F51FEC41967090B7DA425,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172691Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:22.778{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=20A3359C1840E898E043D9062C1EC158,SHA256=60271D568FA64926582291A774573EFBD22A6DCB270B4DCC740908CC5C45AF4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172693Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:23.794{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=17E16F89F6CBC51C4D76D22955A7F829,SHA256=43A5AA0606F091B8DA07807C6BB790B594503855295533B3DAD09A5F26C6FC74,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172692Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:22.073{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50837-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172695Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:24.857{D8DCB3A2-4534-60D0-1100-00000000D001}404NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.datMD5=B977030A3D7BF3A91B7D003E1D1BF8E4,SHA256=2DA5E39FED8FF356342E62ADAFB4A97540C1420F3A2006299AD7D351474C3223,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172694Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:24.810{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37645C544FC9BA8EE99C40C185E104FC,SHA256=04D8B7F79805AA7C6772E548C20B4902217D79F7CF6310100E3996484666B2D3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172696Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:25.888{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A6CFDF98400B22923912D8FC9FF96B8D,SHA256=2F883C521001436D50B45D092F715C967900999AC2E77F951DF0203F1CCA2DD0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172699Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:26.904{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=735818214D90E8C56DF1D665E58B1F33,SHA256=0CC71199167926898DE97DE68D8A9F064CB31BDFBAB4D8FF7D4A96E1CE4EFD0F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172698Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:26.763{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3E6C9C1F3DE71C77207326F5AB8AD0EE,SHA256=9D526972F275210B736AE345E99A732CEC3660308A5951606E5852BC496E05C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172697Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:26.763{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=C825E74CA0BF91F06D7C4CB549A1E81D,SHA256=FA7253610EA961040CC2664BE779917634AE38470B779C10EFAAB15E120CB1E5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172700Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:27.919{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0526D010573A9C905A291109C956CA89,SHA256=2657A45CF2F975D9C884CEF7AAF2C141F4539CA6CED02804E7BA688BE7410684,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172701Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:28.997{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5567F7CC1C969A35FDD43BAAFB78A43E,SHA256=6FDD36263C049E184863A44F8ED85C1E4A078D19772A3A83B619B0EE12619A63,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172703Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:28.041{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50838-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172702Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:30.107{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=74704B4526E65EC68D41F70C2A8B33E8,SHA256=0842CB39B525E30AA45EFBFB806BBB3853D003964845D3E18C830A610D7BE0BA,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172705Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:31.200{D8DCB3A2-4532-60D0-0B00-00000000D001}6245704C:\Windows\system32\lsass.exe{D8DCB3A2-4517-60D0-0100-00000000D001}4System0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Windows\system32\kerberos.DLL+96ef2|C:\Windows\system32\kerberos.DLL+793e4|C:\Windows\system32\kerberos.DLL+1443f|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+2b3f4|C:\Windows\system32\lsasrv.dll+304a5|C:\Windows\system32\lsasrv.dll+2e33b|C:\Windows\system32\lsasrv.dll+2d231|C:\Windows\system32\lsasrv.dll+15e0d|C:\Windows\SYSTEM32\SspiSrv.dll+1a96|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e 23542300x8000000000000000172704Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:31.122{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5D47FF51B6491EA20B599A6C1E851550,SHA256=E18913F22245ADEE9D299D4287E11AC3F9810FADD10ECB10C1F6319DC88C5B6C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172724Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.919{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A33C-60D0-B510-00000000D001}6800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172723Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.919{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172722Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.919{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172721Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.919{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172720Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.919{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172719Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.919{D8DCB3A2-4532-60D0-0500-00000000D001}408524C:\Windows\system32\csrss.exe{D8DCB3A2-A33C-60D0-B510-00000000D001}6800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172718Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.919{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A33C-60D0-B510-00000000D001}6800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172717Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.920{D8DCB3A2-A33C-60D0-B510-00000000D001}6800C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172716Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.247{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8F9B478920FE3B4AA24F7A0A9AC1B321,SHA256=4B8E4EEA1B9C9BEFF2986249648CAB1E4106C19AAE7645D00F65935DA153FD27,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172715Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.247{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A33C-60D0-B410-00000000D001}6772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172714Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.247{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172713Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.247{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172712Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.247{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172711Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.247{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172710Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.247{D8DCB3A2-4532-60D0-0500-00000000D001}408524C:\Windows\system32\csrss.exe{D8DCB3A2-A33C-60D0-B410-00000000D001}6772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172709Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.247{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A33C-60D0-B410-00000000D001}6772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172708Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.248{D8DCB3A2-A33C-60D0-B410-00000000D001}6772C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172707Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.232{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8201908E7F979A86EC8ADE2E2E9D1725,SHA256=46A822D3018CA7935E4A606E0ADA4F4780A95AA68C0AA30E433A2B65F2BFEC2A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172706Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:32.232{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=3E6C9C1F3DE71C77207326F5AB8AD0EE,SHA256=9D526972F275210B736AE345E99A732CEC3660308A5951606E5852BC496E05C2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172735Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:33.591{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A33D-60D0-B610-00000000D001}6356C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172734Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:33.591{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172733Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:33.591{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172732Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:33.591{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172731Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:33.591{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172730Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:33.591{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A33D-60D0-B610-00000000D001}6356C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172729Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:33.591{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A33D-60D0-B610-00000000D001}6356C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172728Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:33.592{D8DCB3A2-A33D-60D0-B610-00000000D001}6356C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172727Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:33.294{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=447476AF5506AEF4245A59301CF6B449,SHA256=A1CDEE0D1A9DBBDC842A9DE9EB6A6598A1AD7AA3D657B8D9C17FD5202B7DA725,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172726Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:33.263{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=8201908E7F979A86EC8ADE2E2E9D1725,SHA256=46A822D3018CA7935E4A606E0ADA4F4780A95AA68C0AA30E433A2B65F2BFEC2A,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172725Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:33.060{D8DCB3A2-A33C-60D0-B510-00000000D001}68006796C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000172737Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:34.825{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F675B1973FCAAB91739E742DF9EF8B18,SHA256=A9770D1C375698CD6ECA8A477C7DCAF27AE37BAE922980786278DC802B223580,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172736Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:34.497{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D1B425808C136201AB5DF1FF23EC582F,SHA256=49705FF0A1149077484D557AF025205322DD7E9C795AB980E8B06DB48AF1755F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172757Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.935{D8DCB3A2-A33F-60D0-B810-00000000D001}62006156C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000172756Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:34.025{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50839-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000172755Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.794{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A33F-60D0-B810-00000000D001}6200C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172754Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.794{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172753Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.794{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172752Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.794{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172751Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.794{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172750Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.794{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A33F-60D0-B810-00000000D001}6200C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172749Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.794{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A33F-60D0-B810-00000000D001}6200C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172748Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.795{D8DCB3A2-A33F-60D0-B810-00000000D001}6200C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172747Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.670{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A73905A7C7ADDAC2919F0FD76A306C3A,SHA256=E5179DC205C3FA03BD77DD3F232C1105474F63D4034AB8D856402134F9D1A0F2,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172746Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.278{D8DCB3A2-A33F-60D0-B710-00000000D001}3162064C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172745Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.122{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A33F-60D0-B710-00000000D001}316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172744Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.122{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172743Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.122{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172742Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.122{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172741Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.122{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172740Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.122{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A33F-60D0-B710-00000000D001}316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172739Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.122{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A33F-60D0-B710-00000000D001}316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172738Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:35.123{D8DCB3A2-A33F-60D0-B710-00000000D001}316C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172768Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:36.684{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D8AE32A4E30CF51461D9B3ADBB9C08E,SHA256=18295F860D16C7AB460338AC500F8DB45991A871C60EEE0CD2484A6E8E55E51C,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172767Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:36.637{D8DCB3A2-A340-60D0-B910-00000000D001}63125684C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172766Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:36.497{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A340-60D0-B910-00000000D001}6312C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172765Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:36.497{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172764Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:36.497{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172763Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:36.497{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172762Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:36.497{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172761Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:36.497{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A340-60D0-B910-00000000D001}6312C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172760Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:36.497{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A340-60D0-B910-00000000D001}6312C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172759Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:36.497{D8DCB3A2-A340-60D0-B910-00000000D001}6312C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172758Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:36.138{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=AD49E5318044A36D56C88DEAE417FC6D,SHA256=3492CDD15B2FD2A5DA8B315A745227B5B1B2D4348369FC8B92E4BBA70294422E,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172778Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:37.840{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A4515ECEA8B27593FCC8718E8FBB81CB,SHA256=EAA88D04B60EBDD38472B8B3C0EDA7CD26B35331CFB6A89B64A5E2C856DBC905,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172777Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:37.621{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A341-60D0-BA10-00000000D001}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172776Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:37.621{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172775Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:37.621{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172774Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:37.621{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172773Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:37.621{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172772Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:37.621{D8DCB3A2-4532-60D0-0500-00000000D001}408524C:\Windows\system32\csrss.exe{D8DCB3A2-A341-60D0-BA10-00000000D001}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172771Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:37.621{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A341-60D0-BA10-00000000D001}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172770Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:37.622{D8DCB3A2-A341-60D0-BA10-00000000D001}6644C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172769Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:37.512{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=2B97919B2B88C32D4292EF7AA92F8E88,SHA256=8C1E81FAC6D9DC9A1DC6EAE086111FC7BC19312176968A44A224FEA7810520F6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172779Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:38.637{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=0683D7A089BBE0F281FE807D01B69E47,SHA256=CC0FED9BB808174B01ACA8AE4C00EEEC457C8DF3D5CB1A764BC429110D1DC66F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172780Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:39.012{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=63BB2422C411B4A3065C10DE65C3308A,SHA256=1DD7401F8486DDD92C11D69E48BE41BA71B5B65F0E0C8F8FED70554AFFD68782,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172782Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:39.087{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50840-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172781Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:40.122{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=420C7C305491FC023F9E55FEED8247A6,SHA256=A8987227201CF783D5D3F4DDAC7DE15A5EF6D1DEFFF7793BC3FC4153C9219758,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172783Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:41.356{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C74D1272983FCD4C6B57C727954C726,SHA256=FA5BB7AD946251926AD48E196986FA0802F55C819829D4CB2DB92A788CEBD99B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172787Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:42.731{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=9ECE41D4661D9E1A9EAB5C4028979394,SHA256=EE11824841FB0BD663F082BCE6209B7E94ADDCF3B5F8381C09061BFECEC880EE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172786Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:42.731{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\ApplicationMD5=0085FACE7450EBC7AA913632F547D6F2,SHA256=AC7CC6523B63A8BE838F3E837F342DF5DB62D9F7DFFECA75C339FA3787D81ACA,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172785Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:42.403{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7B1EABC9E489A226E8A40171C4034C98,SHA256=063E411BBE4E6274A96089125A6DD2A4F8EE8F9DA2261C6F113155CE7B65E97A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172784Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:42.293{D8DCB3A2-A118-60D0-CC0F-00000000D001}956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=536F90675D9745E5B2CE6D1A8727C2A5,SHA256=42C03B2FD5EAB9EBDFD44E3E382BBA48FD1BAF003197FBAD6E391BD3213C43D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172791Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:43.762{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=AD0B4C0C2EBD99127871EB1BDEBAF106,SHA256=2BF3599E30D63363F231DB02A026A91DFA6C7FA21A7D04AC5B614536EAEC34FE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172790Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:43.762{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SystemMD5=EBA22DA8F718EBE24427FBFFE052983F,SHA256=F81F09ED6A6FBC25D272F4945A0BF211FF048533A6B14076056A040F0C6D23D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172789Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:43.418{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5EDF4C9AB5884534C7CE5B110682954,SHA256=D52E17A7BCC06CBEF0C5C20421DABE9E2878A2CFEF43DA5649CC52EC8406F18A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172788Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:43.293{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=428990C2FE9FD0D47978325D00474E7F,SHA256=AF8F1D60CC75EBF77F8D441D0F15E8E87D00E1E2DA5B88D443A95AD84078C86C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172792Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:44.637{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4260F856A83F8510ADF603326E48892D,SHA256=98C432DC0AE0DF823C5FAD827398DC43A0204FE68C208304268130182A98CAF1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172794Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:45.809{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F9B913BA78DEE55ADAD3B6F36D20648B,SHA256=8926A9AA5F6BC93E0A56807A57891213CAEC6E4394600A01725D41A0D2231E3B,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172793Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:42.259{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50841-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000172796Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:46.840{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2D0CD6449060FFC82D3DE54AA9B6418D,SHA256=6B46A525F1BFE583DA5DA4916D3E7C7BDA45AADE951C30A57A35BB1F7D1877CA,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172795Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:44.212{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50842-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 13241300x8000000000000000172800Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:33:48.371{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Volumes\DFD6B7A8-0000-0000-0000-100000000000\Volume Configuration File\\.\C:\System Volume Information\DFSR\Config\Volume_DFD6B7A8-0000-0000-0000-100000000000.XML 13241300x8000000000000000172799Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:33:48.371{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\9421F5BD-5BA0-453C-965D-CEB3A23E49AE\Config SourceDWORD (0x00000001) 13241300x8000000000000000172798Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-SetValue2021-06-21 14:33:48.371{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\system32\DFSRs.exeHKLM\System\CurrentControlSet\Services\DFSR\Parameters\Replication Groups\9421F5BD-5BA0-453C-965D-CEB3A23E49AE\Replica Set Configuration File\\?\C:\System Volume Information\DFSR\Config\Replica_9421F5BD-5BA0-453C-965D-CEB3A23E49AE.XML 23542300x8000000000000000172797Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:48.075{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F5597EC7DC3F53B69EE9D30961828D19,SHA256=49982B765B7D3BA498293739C637AFFD1CAF1BD82161B6B9C610B623BA5265DE,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172803Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:49.403{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=73F306EAA1ECAA727FF2FF7D9AC68511,SHA256=F867D1A309D282B3908717A1C6C8372F1198DDA110E7911EEA4AE5D9320D9513,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172802Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:49.403{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=151FC5E924686FCFF79963111A0D01CF,SHA256=85120C2A11FF4AD67E007D1E18EFB4FEEEDE82FA7234C094823530A1385AC13C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172801Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:49.090{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B15A8C66B358785F675F1F3EA61C4F9B,SHA256=D2AA80E1CC3D43B0EC3E502DF8CBA9579A3E6EE866D23BB734DA38CD92FFB3FF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172810Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:48.357{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50845-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local389ldap 354300x8000000000000000172809Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:48.357{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50845-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local389ldap 354300x8000000000000000172808Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:48.351{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50844-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local389ldap 354300x8000000000000000172807Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:48.351{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50844-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local389ldap 354300x8000000000000000172806Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:48.338{D8DCB3A2-4533-60D0-0D00-00000000D001}896C:\Windows\System32\svchost.exeNT AUTHORITY\NETWORK SERVICEtcpfalsetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50843-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local135epmap 354300x8000000000000000172805Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:48.338{D8DCB3A2-4544-60D0-2800-00000000D001}2868C:\Windows\System32\dfsrs.exeNT AUTHORITY\SYSTEMtcptruetruefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local50843-truefe80:0:0:0:58a4:ff:89f4:1218win-dc-385.attackrange.local135epmap 23542300x8000000000000000172804Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:50.121{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A1E362F210E221FCF27936AB50CB198,SHA256=76B3AB4E6D4F1AC5C74934095C96F2CC00A3FAB85FF54640B9FC63526E114905,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172811Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:51.168{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ADA164098796AD6342CC2AE74A15FE9D,SHA256=68362378254B2650D1FE912BC2294855E61D141B6F9625849DB958515382E543,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172813Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:50.149{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50846-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172812Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:52.184{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3D2C3526E1B065C74FC231125CC5BF5B,SHA256=180F67D2D165204F606487A91E91E8E5AF62432E883E219300D634E908CEDCCB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172814Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:53.200{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=16141E28236A3AF50A08618D713CDAC3,SHA256=48324CB8EE30C42C49DC25716E19BDE56AFE1FF3564340D541601A2C66CC38C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172815Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:54.434{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=FA2C85038A5ED96D82C962141F7155AB,SHA256=1ECD148737F565DB24ACA3FC0522E3A5F16A111D687CC4691FFCA46C4099A2B3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172820Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:55.590{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=7EE62703BEFC1D4066E7542B3AF57087,SHA256=2CA26CBACCF0451003E9EC1D7558618A63A2C2845B3DC5FAD7FD5F84FE59AFCE,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172819Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:54.368{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50847-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 354300x8000000000000000172818Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:54.368{D8DCB3A2-4544-60D0-2700-00000000D001}2860C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50847-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 23542300x8000000000000000172817Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:55.418{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=79239C225FCB591430BE547ECA76BFFA,SHA256=F8DAFEA6DB408BB5F9D43F8BBAF8293EF56AFAE16684546B469503E229C20F99,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172816Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:55.418{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=73F306EAA1ECAA727FF2FF7D9AC68511,SHA256=F867D1A309D282B3908717A1C6C8372F1198DDA110E7911EEA4AE5D9320D9513,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172821Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:56.605{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2DA550C5E10BD76135D49E058304DA8A,SHA256=96414F28C96234F6EA0BFCDD9C4A5F42B52CF5426882BC9C89B89DB1EA2D0A27,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172823Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:56.196{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50848-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172822Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:57.652{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B2282735075FF944B5758599776C1E28,SHA256=C9E0188E12CC9EF556EB2963F0DFCEDBCB842835592757D42023BF74E1ECDBB1,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172824Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:58.870{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A57CA6BDFD32668F43308B9036505E55,SHA256=BC488D4EC8F7397B9BD556DBD705BF990ABCEFB6EF1A8B43BEE2D7D2BF3101CC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172825Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:33:59.870{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E819A4D589CD697A6367CF2BF5EB40E0,SHA256=33BFABCFB480A099EC28FE7719E33B2F2ABEE4C60FEA81B667C25433A3591B8A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172826Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:01.105{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=82E344CA6E8C772DEE3DE6AA0BDFF7FE,SHA256=0A7ABC90CAA79D279AA54A096DA960B9AC85F09EB3D2168BA5D277FA8F9F7B36,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172827Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:02.339{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9705B21D7E2EA13422C4B50ADDA4157,SHA256=B6CD10EE512404B9CFC8E706B0D7422D035AA65D200CCC0273F289E9E553899E,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172829Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:02.132{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50849-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172828Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:03.355{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9890D720EBBA6357246D0B4B9443B637,SHA256=CBEB659CCB5FE61C2C7AD281F51B807ADFE8C23B769440B05028C8B1ADEB9AC0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172830Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:04.370{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=2921C609D04102630D613237DAA6F665,SHA256=FCB758497C36237BE6B291E63B9CB720C86D6CCB087BBE596B0AE29CD139E8F0,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172831Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:05.386{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A1B348584247B2F8BF20DBF78A6F4D84,SHA256=0CD2D89A48B6FC1532D78BDC0AC625A7E0A4429D27D89F8FF4E0D8FF5F61E81F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172832Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:06.402{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A3BCDBC8D7F1690E085AA73FC164D6A1,SHA256=1D49FD78452C66C0B6022832D80FD205BBF42D275977D22A638FF1BE48AD577F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172833Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:07.417{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=71A679B050B50F67810115AB444B2508,SHA256=F1B1978F869D74323C93978D137D70D70C991721A2A2A07CC6DBF46BA91238DB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172834Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:08.448{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5777F9E9A3B28ABFE4582F6F4F879F26,SHA256=A6B2E72ED9B02EFC1B8057AB79287620C5C3A23313ABC1FFCDCF53E29DA9B631,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172836Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:08.007{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50850-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172835Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:09.495{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D6C938282FB4460B47B47C80FC18989A,SHA256=46D15C5AA894AB4E7F488A469D22DD5A0E8ABE0562E577BF74D28334F2415017,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172837Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:10.495{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D2EBD9323192D763E456F1D9829939DA,SHA256=EE09ABA5DEB3C60C4D64324593429D1EBD86933C1E7A98EC7EA708D73DA3B307,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172838Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:11.652{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=94671FAE578FD4318E6D4C42FDB4C364,SHA256=3B2D6112FC4F2C16CD74D9D83C2F666DB048ED3D72690125CE4A790BB0573DB8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172839Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:12.698{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4D49578835A2F7AD7172FD288BE8601A,SHA256=F2348D2B5F7ABB3A61B1E34F076F2F381B81B9AAD6A99ECE403D1310CAB5F199,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172840Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:13.714{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F7645BEEE3CBEC64B27C0ADB29855F45,SHA256=8F51CCB4C8CD741309A906E9249630D6AEA5EA3237BF208A0C2DB74107BA432D,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172841Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:14.948{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=0DC69CDBE722D20298A9EA36E3DF51F6,SHA256=9EAEBF1950A6E82AC7A238378FA2C4FB651B01673D75C01900D7DF2E0DF87B5F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172843Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:15.964{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=95B147B9859494C2E12F9C04BAD2ABA4,SHA256=EBD7E3F53D3B18B65F9A868BB4B11DEE5F6FA52E001B472E0B6D586220345F0F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172842Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:13.179{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50851-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172844Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:17.190{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E14812C3DA505A4AFC18378C2EE0F44D,SHA256=49A8CBC42B5FA53004F0F2633BC40BDFD0015C8D10FB2B791204DF3F3F04F459,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172845Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:18.424{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3EFF1245805BD951E4802741AC26B897,SHA256=46F74722348495A259BD7D6CD705CC5E813213B36B44BCE25616C6DEEBFDEF67,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172846Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:19.424{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=F828AC08E43864D8A4107F7B1F342017,SHA256=6994FF8D5E7EF9935B295D618D9556ED9EC7C640ABABE34614D4C30703A8CFCC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172847Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:20.425{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8A16290BB27959DDF47B5DEE2244B4CC,SHA256=E62A99C1001C8D8E9564067A2348A930A11E47510369FFB19C751B7DCFA26895,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172849Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:21.578{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=34910AD830AD59C26832699150B845AA,SHA256=DC634D957148B4E327560C11F5A0309E69A2C146B0F93705950E19E6E57633D7,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172848Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:19.029{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50852-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000172881Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172880Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-4544-60D0-2D00-00000000D001}2968C:\Windows\system32\svchost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172879Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172878Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172877Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172876Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172875Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172874Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A000-00000000D001}5064C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172873Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172872Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172871Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172870Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172869Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172868Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172867Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172866Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172865Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172864Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172863Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172862Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172861Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172860Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172859Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172858Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172857Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172856Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172855Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+d34e|c:\windows\system32\rpcss.dll+c38a|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172854Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EA-60D0-9F00-00000000D001}4856C:\Windows\Explorer.EXE0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172853Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172852Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172851Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.831{D8DCB3A2-4533-60D0-0D00-00000000D001}896916C:\Windows\system32\svchost.exe{D8DCB3A2-45EB-60D0-A100-00000000D001}2904C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe0x1000C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|c:\windows\system32\rpcss.dll+f681|c:\windows\system32\rpcss.dll+c264|c:\windows\system32\rpcss.dll+d73e|c:\windows\system32\rpcss.dll+a35b|c:\windows\system32\rpcss.dll+436a1|c:\windows\system32\rpcss.dll+437d2|c:\windows\system32\rpcss.dll+43b0f|C:\Windows\system32\svchost.exe+1380|C:\Windows\System32\sechost.dll+14342|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000172850Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:22.581{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B9BD28A80433E67B457FE6575AA69D55,SHA256=C3135D056FA00BB70BB81B609A883E4497FAA6FAC52F898745BFC8F548FE43EF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172882Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:23.956{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC023E497FD2B4903423CA45B101DB9D,SHA256=935C7639F4928F5ADB19D6FFA5420B75CF184873F5913C4E38A6EBE898CCDE0C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172883Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:24.862{D8DCB3A2-4534-60D0-1100-00000000D001}404NT AUTHORITY\LOCAL SERVICEC:\Windows\System32\svchost.exeC:\Windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.datMD5=626E9B6CCE01FEF54D4935304DB60097,SHA256=79A9AA470F193BCA68109B6D85978D4BF3AE1256E41A72A6FB21A40A31AB7669,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172884Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:25.018{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=4FC868348F3B021936417D8269D109C5,SHA256=8CBDD9C93AB934A9D3255AD3382792D1012BF3FB43D0EABF6C5E0A2F541FC849,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172885Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:26.050{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=1D98D1003D34E89CC4A87D5F2CF191C7,SHA256=512710B0FEA119FA69DAED9650DDC81B4CD423B028C5D0DB86878C51B7F99A51,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172887Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:25.045{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50853-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172886Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:27.065{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EEE6D8810DEA4D9F0759B0B5B37E4D7E,SHA256=1260C7072D185EC0D110CCB69EEAAEBD4BABAE8F33CF521CF6BB223084B57B4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172888Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:28.081{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3C0F8B4684D299AC8F87FC9ECCF0439A,SHA256=885538D60C42C13227A56427C3D07033C733F1390DDD23FFFCC47AC2A65D7F3A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172889Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:29.206{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5010383E00EE6019D1CDE85F1FDB7155,SHA256=D0936CEDB62435818AAF6EE3A5DBB4BD14C7B64065AFB23E0F8798A315DEB070,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172890Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:30.222{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=5BBBB728AE336B8E759418FB6835725B,SHA256=7580E2FABCAEF920C98361618DCBDE4AF10AE9C343D1FEB387C9D8E59DA489CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172892Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:31.425{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EC926307C5C05E7FA71369F66D478843,SHA256=FEB80119B52840E266A6A3291AE182BF773DB31718D7B3A1332138949121F1CF,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172891Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:30.123{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50854-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000172909Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:32.925{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A378-60D0-BC10-00000000D001}5080C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172908Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:32.925{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172907Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:32.925{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172906Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:32.925{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172905Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:32.925{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172904Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:32.925{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A378-60D0-BC10-00000000D001}5080C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172903Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:32.925{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A378-60D0-BC10-00000000D001}5080C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172902Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:32.925{D8DCB3A2-A378-60D0-BC10-00000000D001}5080C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe8.0.2Active Directory monitorsplunk ApplicationSplunk Inc.splunk-admon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=947139F3BB2AB70CAF692A60C7A3A735,SHA256=940554A0170A70F634689CC84B00C51AC0BCF773C9639E1305E3672441FC85C8,IMPHASH=357CEC18833E7FF2ABFB722902B13165{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172901Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:32.456{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=E58CDDFF160B3CA48F32ED81704C29DE,SHA256=0F02561638FC32242C80872977ECB91FEB7B41652CD04351E8D4EB40FC24256F,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172900Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:32.253{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A378-60D0-BB10-00000000D001}5812C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172899Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:32.253{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172898Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:32.253{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172897Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:32.253{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172896Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:32.253{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172895Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:32.253{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A378-60D0-BB10-00000000D001}5812C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172894Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:32.253{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A378-60D0-BB10-00000000D001}5812C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172893Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:32.254{D8DCB3A2-A378-60D0-BB10-00000000D001}5812C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe10.0.10011.16384SplunkMonNoHandle Control ProgramWindows (R) Win 7 DDK driverWindows (R) Win 7 DDK providerSplunkMonNoHandle.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-MonitorNoHandle.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=BF28C74E12839E40CD89696C7CB01573,SHA256=6187325F302F232DE582FE28E0E0D2B292AB8122C3356C9CE295A482D7B93EA3,IMPHASH=27776F2813155A6CF34F6A075A0C2EC8{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 10341000x8000000000000000172921Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:33.597{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A379-60D0-BD10-00000000D001}5372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172920Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:33.597{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172919Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:33.597{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172918Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:33.597{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172917Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:33.597{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172916Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:33.597{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A379-60D0-BD10-00000000D001}5372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172915Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:33.597{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A379-60D0-BD10-00000000D001}5372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172914Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:33.597{D8DCB3A2-A379-60D0-BD10-00000000D001}5372C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe8.0.2Network monitorSplunk ApplicationSplunk Inc.splunk-netmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-netmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=8746B8C1724B67C2B1261446C0CFAA57,SHA256=7EFD09FD383FAA75C5D2990E6DBBFD846AEAA08B7037C7D66B4A0EF2AE0866B3,IMPHASH=7B985F47B35272AD7B5218255ACE7AEC{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172913Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:33.456{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=ED637F637B934D5C076BF42E55D24B2D,SHA256=200AC7D2BB3ED3C65BCA1C96A1AB5CB6EA4AAC2328B4D60DDEEC3A75600794B7,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172912Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:33.284{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F3AC85D28044374ED57C09AF8787145B,SHA256=4E54AFFEA3E6BCCAA113FBE02C82A19B07C0B7C79E352381F3D2FB975EE616B5,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172911Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:33.284{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=79239C225FCB591430BE547ECA76BFFA,SHA256=F8DAFEA6DB408BB5F9D43F8BBAF8293EF56AFAE16684546B469503E229C20F99,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172910Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:33.065{D8DCB3A2-A378-60D0-BC10-00000000D001}50804188C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6025c5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+6020f6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+59e67|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+5b88c|C:\Program Files\SplunkUniversalForwarder\bin\splunk-admon.exe+8e7d70|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000172923Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:34.675{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=642A24D26F7118D7559CA49A0B62D079,SHA256=96B5DD6F11947FACC358658CF106770368B5D35969AC8099801B4B2511B34101,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172922Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:34.612{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=F3AC85D28044374ED57C09AF8787145B,SHA256=4E54AFFEA3E6BCCAA113FBE02C82A19B07C0B7C79E352381F3D2FB975EE616B5,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172942Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.925{D8DCB3A2-A37B-60D0-BF10-00000000D001}59765688C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172941Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.800{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A37B-60D0-BF10-00000000D001}5976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172940Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.800{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172939Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.800{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172938Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.800{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172937Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.800{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172936Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.800{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A37B-60D0-BF10-00000000D001}5976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172935Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.800{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A37B-60D0-BF10-00000000D001}5976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172934Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.800{D8DCB3A2-A37B-60D0-BF10-00000000D001}5976C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe" --ps2C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172933Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.737{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AA79FB4C6BB11040D96105E84041571C,SHA256=4309889D408C313F17F70039F0BDF4E0DBBD61A9ED98268E83927C795905159E,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172932Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.284{D8DCB3A2-A37B-60D0-BE10-00000000D001}4032512C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e675|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+55e1a6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+6b453|C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe+8e8530|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172931Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.128{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A37B-60D0-BE10-00000000D001}4032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172930Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.128{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172929Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.128{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172928Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.128{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172927Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.128{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172926Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.128{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A37B-60D0-BE10-00000000D001}4032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172925Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.128{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A37B-60D0-BE10-00000000D001}4032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172924Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.129{D8DCB3A2-A37B-60D0-BE10-00000000D001}4032C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe-----"C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=030CC9FD3784684043D9236FF16904DE,SHA256=6C84A212BD1EA1FCC493E9F8ED1C1507E2773F6FE71ACDE265067F3153BE6241,IMPHASH=45491F0E80AC016364EB8FB78BD23A1C{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172954Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:36.739{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3451F0E5B7A6498EEF1236DE46132780,SHA256=2533794363B4CFF04DE76148EE6745875389207668B91A43806DD9205F0078E8,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172953Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:36.630{D8DCB3A2-A37C-60D0-C010-00000000D001}60246992C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe0x101400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+221bd|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+5691a5|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+568cd6|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56657|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+56ca7|C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe+8f3800|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 354300x8000000000000000172952Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:35.216{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50855-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 10341000x8000000000000000172951Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:36.489{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A37C-60D0-C010-00000000D001}6024C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172950Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:36.489{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172949Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:36.489{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172948Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:36.489{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172947Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:36.489{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172946Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:36.489{D8DCB3A2-4532-60D0-0500-00000000D001}408424C:\Windows\system32\csrss.exe{D8DCB3A2-A37C-60D0-C010-00000000D001}6024C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172945Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:36.489{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A37C-60D0-C010-00000000D001}6024C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172944Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:36.490{D8DCB3A2-A37C-60D0-C010-00000000D001}6024C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe8.0.2Registry monitorsplunk ApplicationSplunk Inc.splunk-regmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-regmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=91F33F605825B72EE2270559C7AB28F3,SHA256=3DF1CB71BB48B8669BD01179FD94DD8CC82F8103B08A0FACFD366E43E0C5FA42,IMPHASH=23D7D4307FBE7FA4F42B1902826D7C25{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172943Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:36.144{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=B77B09E49B7A5389F00F313E18091028,SHA256=A782A65B3423AE8D47A93196B8FE3C46139EE7CF3AC239A3B7A1529BF5428BBC,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172964Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:37.755{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=37822D4B7F9FF88C7FA07B950156DC8A,SHA256=4EDFEEE3AC2249C193C12BF2BF47F47D8308F4399F5B789CACBA23CB9B7574E4,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172963Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:37.614{D8DCB3A2-A118-60D0-D00F-00000000D001}12924336C:\Windows\system32\conhost.exe{D8DCB3A2-A37D-60D0-C110-00000000D001}6832C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\SYSTEM32\ConhostV2.dll+5ca7|C:\Windows\SYSTEM32\ConhostV2.dll+774b|C:\Windows\SYSTEM32\ConhostV2.dll+a8ef|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172962Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:37.614{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+fd18|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172961Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:37.614{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172960Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:37.614{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172959Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:37.614{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-A030-60D0-890F-00000000D001}4244C:\Windows\Sysmon64.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172958Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:37.614{D8DCB3A2-4532-60D0-0500-00000000D001}408476C:\Windows\system32\csrss.exe{D8DCB3A2-A37D-60D0-C110-00000000D001}6832C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\system32\basesrv.DLL+2f47|C:\Windows\SYSTEM32\CSRSRV.dll+5645|C:\Windows\SYSTEM32\ntdll.dll+5178f 10341000x8000000000000000172957Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:37.614{D8DCB3A2-A118-60D0-CC0F-00000000D001}9562320C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe{D8DCB3A2-A37D-60D0-C110-00000000D001}6832C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe0x1fffffC:\Windows\SYSTEM32\ntdll.dll+a7404|C:\Windows\System32\KERNELBASE.dll+2b860|C:\Windows\System32\KERNELBASE.dll+6b246|C:\Windows\System32\KERNEL32.DLL+1c213|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+ce6a3b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17cade|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18641d|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+17ef16|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c992c4|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+18689b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+189d3c|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c95f5f|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c99fad|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+184c5b|C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe+c7dd7e|C:\Windows\System32\ucrtbase.dll+1fb80|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 154100x8000000000000000172956Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:37.615{D8DCB3A2-A37D-60D0-C110-00000000D001}6832C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe8.0.2Windows Print Monitor splunk ApplicationSplunk Inc.splunk-winprintmon.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunk-winprintmon.exe"C:\Windows\system32\NT AUTHORITY\SYSTEM{D8DCB3A2-4532-60D0-E703-000000000000}0x3e70SystemMD5=36D3753920C5BBCA16D12DEAD7A3A904,SHA256=EA17F69FB116CFA6ADC3CE07EBBAE3FD2CB221F25E3F7A9ADF3F15DA051831E2,IMPHASH=264D4B9546D98D77D97F569F55A0B748{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe"C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exe" service 23542300x8000000000000000172955Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:37.552{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=DECAD008B6308B457AF3401FFAB2F97B,SHA256=D88E4CA0F05DE79CF1A4CA2509450E4EFD4E506C9206CB3514743D819302C3F3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172966Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:38.849{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=448BE23D3B83B463D1569F1A1CA7CF43,SHA256=0BFC81C708AAFB9B0C5357FBBAD22A72BE009F45FCA6672EE6555857A641ECBD,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172965Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:38.645{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=E5F1C9F5966EED16324F27C9877E0282,SHA256=9C445B6353436F2F4B8921CA54F89A0668758A71F33634092D6CD54C2FCFCA1B,IMPHASH=00000000000000000000000000000000falsetrue 10341000x8000000000000000172970Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:40.536{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11aad|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172969Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:40.536{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+11058|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 10341000x8000000000000000172968Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:40.536{D8DCB3A2-4533-60D0-0C00-00000000D001}8282832C:\Windows\system32\svchost.exe{D8DCB3A2-4534-60D0-1500-00000000D001}1260C:\Windows\system32\svchost.exe0x1400C:\Windows\SYSTEM32\ntdll.dll+a6134|C:\Windows\System32\KERNELBASE.dll+5eab4|c:\windows\system32\lsm.dll+12023|C:\Windows\System32\RPCRT4.dll+7a593|C:\Windows\System32\RPCRT4.dll+d9f41|C:\Windows\System32\RPCRT4.dll+62d4c|C:\Windows\System32\RPCRT4.dll+4a274|C:\Windows\System32\RPCRT4.dll+4918d|C:\Windows\System32\RPCRT4.dll+49a3b|C:\Windows\System32\RPCRT4.dll+310ac|C:\Windows\System32\RPCRT4.dll+3152c|C:\Windows\System32\RPCRT4.dll+1ae1c|C:\Windows\System32\RPCRT4.dll+1c67b|C:\Windows\System32\RPCRT4.dll+43a2a|C:\Windows\SYSTEM32\ntdll.dll+1d34e|C:\Windows\SYSTEM32\ntdll.dll+1ecb9|C:\Windows\System32\KERNEL32.DLL+84d4|C:\Windows\SYSTEM32\ntdll.dll+51781 23542300x8000000000000000172967Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:40.083{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=06ED80029976D4C2214B406F01BDC1D5,SHA256=B4F64DAD494FC946F5092286D09406EE66422C456D385A9FF39017CA1586403B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172971Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:41.145{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=799038D6751802CC97F38C94BBA16BC0,SHA256=9AC9B5C2198033FFBBF4D03BFE2FC68FE93C88BB04A6E7BDBDAB16B9834A76A3,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172974Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:41.015{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50856-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172973Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:42.317{D8DCB3A2-A118-60D0-CC0F-00000000D001}956NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeC:\Program Files\SplunkUniversalForwarder\var\run\serverclass.xmlMD5=536F90675D9745E5B2CE6D1A8727C2A5,SHA256=42C03B2FD5EAB9EBDFD44E3E382BBA48FD1BAF003197FBAD6E391BD3213C43D8,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172972Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:42.224{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9AB3B5E1C31AED84DFB25A0878A71D7A,SHA256=597E867DC22410C8A224FA3A391DF3793D7B8244BE9B4FC35713B5AA3447AB75,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172976Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:42.265{D8DCB3A2-A118-60D0-CC0F-00000000D001}956C:\Program Files\SplunkUniversalForwarder\bin\splunkd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50857-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8089- 23542300x8000000000000000172975Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:43.427{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=25D61C453C42F094B6D9372559FF8307,SHA256=366C777CCFDE358A2021E5EC9DE3F9A3876404A0835535EC75AE7F55A678A40B,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172977Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:44.567{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=492C2BC31744E2C6DDE153F4E1F311CC,SHA256=A9882F542DC61000056AD17310A2B6180FD549135AC6BBCA68E5F57DED420E4F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172978Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:45.755{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B8452D06FFF200D6B0E41ABF28D90062,SHA256=D8462681D4BA0FB808D9D78088E347B0319ED08151A012C58C4F59E9555E29CB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172979Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:46.864{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=293337CD1594B0EDB7DCF11359912819,SHA256=16F3022146E34B6F0F80F61E252519A52D9F051073F4E39BF56E9EE7CA3C1AC6,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172981Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:47.880{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=599D9F010346BBB982918F3634F4DD79,SHA256=71241BBA1AF324182CCCD9F98A8A1BB2817DDD89B25FFBA912B74B75A95760B9,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172980Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:46.031{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50858-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172982Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:48.895{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=9214D5FC987F6979EF02D65091CE7D19,SHA256=6C6ED3F9DF114C07703AE25A58C138CCDB8D7C374913B951F1529D9C7B900BBF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172983Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:49.911{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=AAC28A4761D2B4C91B5D33B422FC32D3,SHA256=CC3700F73048BC64B7465D4A0CB38AA0F04133B12F59F4E3BEC13912A7DFD9C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172984Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:50.927{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88935A0B62BE1A5047DD9AE11D1A2274,SHA256=1FCA86D6C295133CD39D4BE36671B941C4544E9B887C7D4F4717CE4FF7452B98,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172985Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:51.927{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=EA94801F5783801C9B746C28EF4B0913,SHA256=CEF001F76F51C6EE31CA68FDE9FEDA7C954D287B6E154C55BDAF98BE6FC33828,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172986Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:52.942{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=BC0442B39021F364EA0C49496B2E29BA,SHA256=E76053B40092617DEBF9D731BF069D12EEAF8853A3EAE635923713EDD34EC177,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172988Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:53.958{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=A9758E910685790CE484627E40DEA201,SHA256=5DC849B4FFC6F30FEC9B6279B8168D8E481823B8D0E0DC4B3ABC28ED26E849E8,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172987Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:51.109{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50859-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172989Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:54.974{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C887C509C52E6C8450C5093003A3849,SHA256=19D67BB397494044460E949812FAE05A5769B3873D68CF95EB7A5C7E363B865C,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172992Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:55.974{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D9EE8318B0FA757AB123E77F59170117,SHA256=DA9E3AFF1CBE5EDC06EA960C6E7ADB24323D2EED7A2ACEEFA4494F0A028A0644,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172991Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:55.427{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=A60E395EC0309EFFA2E9DD9E9D778F0F,SHA256=5CC702575558B0BC28A387F4B1FF1AB7256C962F63D44DFD34D0A6F5E5B3F51F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172990Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:55.427{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\SecurityMD5=5798F9D2BD9ADCE67615BD00FE3070E3,SHA256=94A5E1389A72244D3B4D7DA87EE4151E23A0427A1222E6E0B770B9B6162144E3,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172995Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:56.978{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=6E9EB25B50B1AF18C2CA14C35BE0AEC2,SHA256=743F969DED130500E599500DC7B5DA3CE0116497C317A4CAE0891470907FB97F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172994Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:54.374{D8DCB3A2-4532-60D0-0B00-00000000D001}624C:\Windows\System32\lsass.exeNT AUTHORITY\SYSTEMtcpfalsetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50860-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 354300x8000000000000000172993Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:54.374{D8DCB3A2-4544-60D0-2700-00000000D001}2860C:\Windows\ADWS\Microsoft.ActiveDirectory.WebServices.exeNT AUTHORITY\SYSTEMtcptruetrue0:0:0:0:0:0:0:1win-dc-385.attackrange.local50860-true0:0:0:0:0:0:0:1win-dc-385.attackrange.local389ldap 23542300x8000000000000000172996Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:57.978{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=8C4D24622B7FB49F452A953F6CB5B7EB,SHA256=F1294F8D3007C3897A9DCF647F920914D6B051032665ED81C2080858233B3425,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000172997Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:56.155{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50861-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000172998Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:34:59.025{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D59F6DEFAC2539F6675242329DAA76A6,SHA256=F917E5D876B10D02331E905674053013545083441DDF03D8CF244CF751A5D8EB,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000172999Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:35:00.056{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=B6EE352EF2CC3DF4617640C4C2A02859,SHA256=DAEA55CFD31BE8E84F21490239B115D22EAAFA41F3B6A2310C9F643227883B6A,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000173000Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:35:01.072{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=D7954864443F58249A0D12A9D93ACC88,SHA256=4B3DB4A017C270F81015DBB5CDCC98D91B39994534D26BE93168D6BB3F26C731,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000173001Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:35:02.119{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=C77E1817615A41B1F8C95DE8607E05A1,SHA256=3862F5CD089B20A8D6F2B6AB6FF7246ED7584A002F5D438EC5879327A48389FF,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000173002Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:35:03.275{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=510A8E2A7B916900E85B52CCCA9FEF92,SHA256=9ACD95B284F00ED3A77612BBB6AEEBC958B288969EF4C2EBE0A46A1CCE124C9F,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000173004Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:35:02.050{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50862-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000173003Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:35:04.291{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=3213AFB4E81D8B045BFFDD2069A3DE1F,SHA256=4625CD4D03958DED405B9F6A82E23546CA0C5371FFCD86523B0549E4DD1FA417,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000173005Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:35:05.338{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=09A844CC2342F3A4373B7652AA4DFB24,SHA256=FBEC90602092E94B1F3FFC4098A235950AA6EA7802144B5FDAA314CE6A263E1F,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000173006Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:35:06.385{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=51261E179DB1F19CBD307EE86447C461,SHA256=344723AEE5F80BD5AEFF2F028551BE5833E7EF626E5058AA144764F350D9A5C2,IMPHASH=00000000000000000000000000000000falsetrue 23542300x8000000000000000173007Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:35:07.385{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=38E09F40B37B563585515500CC0054E6,SHA256=CC9E03477B14DCBE4DA7F7A8E41FF0D91317848708ADF73B7A971411D83AA058,IMPHASH=00000000000000000000000000000000falsetrue 354300x8000000000000000173009Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:35:07.191{D8DCB3A2-A11E-60D0-FA0F-00000000D001}4292C:\Program Files\SplunkUniversalForwarder\etc\apps\Splunk_TA_stream\windows_x86_64\bin\streamfwd.exeNT AUTHORITY\SYSTEMtcptruefalse10.0.1.14win-dc-385.attackrange.local50863-false10.0.1.12ip-10-0-1-12.eu-central-1.compute.internal8000- 23542300x8000000000000000173008Microsoft-Windows-Sysmon/Operationalwin-dc-385.attackrange.local-2021-06-21 14:35:08.400{D8DCB3A2-A125-60D0-0310-00000000D001}3092NT AUTHORITY\SYSTEMC:\Program Files\SplunkUniversalForwarder\bin\splunk-winevtlog.exeC:\Program Files\SplunkUniversalForwarder\var\lib\splunk\modinputs\WinEventLog\Microsoft-Windows-Sysmon_OperationalMD5=88BC60F873130A39FA98C56DD4986000,SHA256=8CEDAC5DB13AF6C2B3E1B37078DD84D27C0B656FFFD9BBB5CD09E804EB814E7D,IMPHASH=00000000000000000000000000000000falsetrue